Ruby

Ruby 1.9.2-p320 is released

Posted by NARUSE, Yui on 21 Apr 2012

Ruby 1.9.2-p320 is released.

This release include Security Fix for RubyGems: SSL server verification failure for remote repository. And many bugs are fixed in this release.

Security Fix for RubyGems: SSL server verification failure for remote repository

This release includes two security fixes in RubyGems.

  • Turn on verification of server SSL certs
  • Disallow redirects from https to http

Users who uses https source in .gemrc or /etc/gemrc are encouraged to upgrade to 1.9.2-p320 or 1.9.3-p194.

Following is excerpted from RubyGems 1.8.23 release note [1].

"This release increases the security used when RubyGems is talking to an https server. If you use a custom RubyGems server over SSL, this release will cause RubyGems to no longer connect unless your SSL cert is globally valid.

You can configure SSL certificate usage in RubyGems through the :ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc. The recommended way is to set :ssl_ca_cert to the CA certificate for your server or a certificate bundle containing your CA certification.

You may also set :ssl_verify_mode to 0 to completely disable SSL certificate checks, but this is not recommended."

Credit to John Firebaugh for reporting this issue.

[1] <URL:https://github.com/rubygems/rubygems/blob/1.8/History.txt>

Fixes

  • Security Fix for RubyGems: SSL server verification failure for remote repository
  • other bug fixes

See tickets and ChangeLog for details.

Downloads

Recent News

Ruby 3.2.11 Released

Ruby 3.2.11 has been released. This release includes an update to the zlib gem addressing CVE-2026-27820.

Posted by hsbt on 27 Mar 2026

Ruby 3.3.11 Released

Ruby 3.3.11 has been released. This release includes an update to the zlib gem addressing CVE-2026-27820, along with some bug fixes.

Posted by hsbt on 26 Mar 2026

More News...