RubyGems is not vulnerable to the xz/liblzma backdoor - RubyGems Blog
The past few days have seen the security world focused on the revelation of the xz/liblzma backdoor. For more background, see this early writeup of the issue, this GitHub Gist, this detailed timeline, and the official detail page for CVE-2024-3094.In response to the backdoor becoming public, we have done an internal audit not just of the software used to run RubyGems.org itself, but also every gem that has ever been published.We are happy to report that RubyGems.org is not vulnerable to this issue. Furthermore, we are happy to confirm that no gem currently published on RubyGems.org contains the vulnerable liblzma library.
RubyGems is not vulnerable to the xz/liblzma backdoor - RubyGems Blog #ruby #rubydeveloper #rubyonrails #blog https://rubyonrails.ba/single/rubygems-is-not-vulnerable-to-the-xz-liblzma-backdoor-rubygems-blog
Nezir Zahirovic
Contractor Ruby On Rails (8+ years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)
