Security | RubyGems.org | your community gem host
<!DOCTYPE html> <html lang="en"> <head> <title>Security | RubyGems.org | your community gem host</title> <meta charset="UTF-8"> </head> <body data-turbo="true" class="bg-neutral-050 dark:bg-neutral-950"> <div class="min-h-screen flex flex-col"> <!-- Content --> <main class="flex-1 w-full px-8 flex-col bg-neutral-050 dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center inline-flex"> <div class="max-w-screen-xl w-full mx-auto pt-8 pb-10 mb-12 md:mb-16 lg:mb-28">
<div class=" prose prose-neutral dark:prose-invert prose-lg md:prose-xl max-w-prose mx-auto prose-headings:font-semibold"> <p> Found a security issue with RubyGems or RubyGems.org? Please follow these steps to report it. </p> <h2>Reporting a security issue</h2> <p> Before continuing, please ensure this is a security issue for the RubyGems client or the RubyGems.org service. For all vulnerabilities with individual gems, follow our guide on <a href="https://guides.rubygems.org/security/#reporting-security-vulnerabilities"> reporting security issues</a> with others' gems. If it's a security issue with the Ruby on Rails framework, see the <a href="https://rubyonrails.org/security/"> Rails Security</a> guide. </p> <p> <strong> For any security bug or issue with the RubyGems client or RubyGems.org service, please email <a href="mailto:security@rubygems.org"> security@rubygems.org</a> with details about the problem or submit a report using <a href="https://hackerone.com/rubygems">HackerOne</a>. The <a href="https://github.com/rubygems/rubygems">RubyGems</a> client library is in scope for bounty reward. You can read the details of the bounty program on the <a href="https://hackerone.com/rubygems">RubyGems HackerOne page</a>. 
</strong> </p> <p> <strong> If you find a compromised or malicious gem, please treat it as a security issue: email <a href="mailto:security@rubygems.org">security@rubygems.org</a> with the gem name or submit a report using <a href="https://hackerone.com/rubygems">HackerOne</a>. Note that reports of compromised or malicious gems are not in scope for bounty reward. </strong> </p> <p> <small> Please note: the <a href="https://groups.google.com/forum/#!forum/rubygems-developers"> rubygems-developers mailing list</a>, the <a href="https://groups.google.com/forum/#!forum/rubygems-org">rubygems.org mailing list</a>, and the <a href="ircs://irc.freenode.net:6697/#rubygems"> #rubygems</a> IRC channel are public areas, so anything posted there is visible to everyone. If escalating to these places, please do not discuss your issue there; simply say that you’re trying to get hold of someone from the security team. Thanks in advance for responsibly disclosing your security issue. </small> </p> <h2>Reporting RubyGems.org Website Problems</h2> <p> If you're having trouble pushing a gem, or otherwise need help with your RubyGems.org account, please <a href="mailto:support@rubygems.org"> open a new help issue</a>. </p> <p> For bugs or other problems with RubyGems.org, please use the <a href="https://github.com/rubygems/rubygems.org/issues">RubyGems.org issue tracker</a> to open a new issue. </p> <h2>Disclosure Policy</h2> <p> RubyGems and RubyGems.org follow a 5-step disclosure policy: </p> <ol> <li> The security report is received and assigned a primary handler. This person will coordinate the fix and release process. </li> <li> The problem is confirmed, and a list of all affected versions is determined. Code is audited to find any potential similar problems. </li> <li> Fixes are prepared for all releases which are still supported. These fixes are not committed to the public repository but rather held locally pending the announcement. </li> <li> A suggested embargo date for this vulnerability is chosen. 
</li> <li> On the embargo date, the <a href="https://groups.google.com/forum/#!forum/rubygems-developers"> rubygems-developers mailing list</a> is sent an announcement. This will include patches for all versions still under support. The changes are pushed to the public repository and new gems released to rubygems. At least 6 hours after the mailing list is notified, a copy of the advisory will be published on the <a href="https://blog.rubygems.org/"> RubyGems.org blog</a>. </li> </ol> <p> This process can take some time, especially when coordination is required with maintainers of other projects. Every effort will be made to handle the bug in as timely a manner as possible; however, it’s important that we follow the release process above to ensure that the disclosure is handled in a consistent manner. </p> <h2>Receiving Security Updates</h2> <p> The best way to receive all the security announcements is to subscribe to the <a href="https://groups.google.com/forum/#!forum/rubygems-developers"> rubygems-developers mailing list</a>. </p> <p> No one other than the core team and the initial reporter will be notified prior to the lifting of the embargo. We regret that we cannot make exceptions to this policy for high-traffic or important sites, as any disclosure beyond the minimum required to coordinate a fix could cause an early leak of the vulnerability. </p> <h2>Comments on this Policy</h2> <p> If you have any suggestions to improve this policy, please send an email to <a href="mailto:security@rubygems.org"> security@rubygems.org</a> or <a href="https://github.com/rubygems/rubygems.org/issues"> open an issue on GitHub</a>. Thanks! 