RubyGems is a package management framework for Ruby.
This gem is an update for the RubyGems software. You must have an
installation of RubyGems before this update can be applied.
See Gem for information on RubyGems (or `ri Gem`)
To upgrade to the latest RubyGems, run:
$ gem update --system # you might need to be an administrator or root
See UPGRADING.rdoc for more details and alternative instructions.
···
-----
If you don't have RubyGems installed, you can still do it manually:
* Download from: https://rubygems.org/pages/download
* Unpack into a directory and cd there
* Install with: ruby setup.rb # you may need admin/root privilege
For more details and other options, see:
ruby setup.rb --help
Changes:
### 1.8.10 / 2011-08-26
RubyGems 1.8.10 contains a security fix that prevents malicious gems from
executing code when their specification is loaded. See https://github.com/rubygems/rubygems/pull/165 for details.
* 5 bug fixes:
* RubyGems escapes strings in ruby-format specs using #dump instead of #to_s
and %q to prevent code injection. Issue #165 by Postmodern
* RubyGems attempt to activate the psych gem now to obtain bugfixes from
psych.
* Gem.dir has been restored to the front of Gem.path. Fixes remaining
problem with Issue #115
* Fixed Syck DefaultKey infecting ruby-format specifications.
* `gem uninstall a b` no longer stops if gem "a" is not installed.
RubyGems 1.8.10 contains a security fix that prevents malicious gems
from
executing code when their specification is loaded. See https://github.com/rubygems/rubygems/pull/165 for details.
* 5 bug fixes:
* RubyGems escapes strings in ruby-format specs using #dump instead of #to_s
and %q to prevent code injection. Issue #165 by Postmodern
* RubyGems attempt to activate the psych gem now to obtain bugfixes
from
psych.
* Gem.dir has been restored to the front of Gem.path. Fixes remaining
problem with Issue #115
* Fixed Syck DefaultKey infecting ruby-format specifications.
* `gem uninstall a b` no longer stops if gem "a" is not installed.