Blog
Back to blog posts
05 Mar 2019
2.7.9 Released
by SHIBATA Hiroshi
RubyGems 2.7.9 includes security fixes.
To update to the latest RubyGems you can run:
gem update --system
If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.
Security fixes:
- Fixed following vulnerabilities:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in
verbose - CVE-2019-8322: Escape sequence injection vulnerability in
gem owner - CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors
SHA256 Checksums:
- rubygems-2.7.9.tgz
8fa1c95d0c6a1c601860a65a71664c84b01b62f9ecd95e7f34f98fd5330cd6ce - rubygems-2.7.9.zip
6d5043f8b1d8fb5b95c066df7820aaa215a7572eefbb7da17cf7d0812895f807 - rubygems-update-2.7.9.gem
d9fa6973b088227c085aae1a06c834dde8ce155727b30f925f66e19a827216df