NewsWarning: Check Your RubyGems

Warning: Check Your RubyGems content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Developers who have recently downloaded Gems from should double-check their code. The website managers say they discovered and patched two security vulnerabilities that could have allowed hackers to replace.gem files they hosted with a different file that had the same name. The team says they verified all files updated after Feb. 8, 2015 and didn’t find any problems, but it is better to be safe than sorry.

“On April 2, 2016, the security team was made aware of a vulnerability that allowed an unauthorized user to update existing gem files for existing gem versions in certain circumstances,” blogged David Radcliffe, the lead developer of the RubyGems infrastructure project. He added that the vulnerability has been patched.

View article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories