dcsimg
October 23, 2018
Hot Topics:

Warning: Check Your RubyGems

  • April 8, 2016
  • By Developer.com Staff

Developers who have recently downloaded Gems from RubyGems.org should double-check their code. The website managers say they discovered and patched two security vulnerabilities that could have allowed hackers to replace.gem files they hosted with a different file that had the same name. The RubyGems.org team says they verified all files updated after Feb. 8, 2015 and didn't find any problems, but it is better to be safe than sorry.

"On April 2, 2016, the RubyGems.org security team was made aware of a vulnerability that allowed an unauthorized user to update existing gem files for existing gem versions in certain circumstances," blogged David Radcliffe, the lead developer of the RubyGems infrastructure project. He added that the vulnerability has been patched.

View article






Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that developer.com may send you developer offers via email, phone and text message, as well as email offers about other products and services that developer believes may be of interest to you. developer will process your information in accordance with the Quinstreet Privacy Policy.

Sitemap

Thanks for your registration, follow us on our social networks to keep up-to-date