19 Aug 2024
July 2024 RubyGems Updates
Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in July.
RubyGems News
In July, we released RubyGems 3.5.15, 3.5.16 and Bundler 2.5.15, 2.5.16. These releases bring a series of enhancements and bug fixes designed to improve the overall developer experience with RubyGems. Notable improvements included a performance enhancement by using `caller_locations` instead of splitting `caller`, as collecting all call locations as strings and then extracting and splitting just one was inefficient. Additionally, we resolved issues with loading nested gemrc configuration keys when specified as symbols and implemented a file lock to safeguard the creation of binstubs.
Some other important accomplishments from the team this month include:
Publishing a basic conformance test for all gem servers
- This update allows any gem server to be easily tested for compliance with RubyGems standards, significantly impacting both users and developers.
- The conformance test can be accessed and utilized through our GitHub repository.
Updating our OpenSearch cluster from 2.11 to 2.13
- We recently updated our OpenSearch cluster from version 2.11 to 2.13 as part of our regular maintenance routine.
- This upgrade was efficiently executed with a one-click process in our AWS console. The update ensures that our systems continue to run smoothly and benefit from the latest features and improvements. For more details on the update and its benefits, refer to the AWS OpenSearch release notes.
Confirmed protection against recent OpenSSH Bug
- Early this month, a vulnerability was discovered in certain versions of OpenSSH that could trigger remote code execution.
- The RubyGems security team promptly responded by implementing tests to ensure our software was not exposed to this threat, guaranteeing that our users and developers could continue their work without interruption.
In July, RubyGems gained 171 new commits contributed by 12 authors. There were 2,827 additions and 1,769 deletions across 113 files.
RubyGems.org News
The updates made this month to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform. Sponsored hosting for RubyGems.org in July was provided by AWS, Fastly, and DataDog. The following are highlights of what the team worked on this month:
Discontinued Auto Sign-In After Email Confirmation and Password Reset
- The primary goal for this change is to simplify login flows, reducing the likelihood of mistakes or bypasses.
- This change aligns with best practices recommended by OWASP and will enhance security and streamline the login process for both users and developers.
Presented on RubyGems.org at RedDot Ruby Conference 2024
- @colby-swandale gave a presentation on “Scaling RubyGems.org to 1 Trillion Downloads”.
- The talk was a deep dive into Ruby’s package ecosystem, exploring how RubyGems.org is maintained and the team’s ongoing efforts to ensure RubyGems.org remains a healthy and sustainable platform long into the future.
- Colby discussed the latest work and improvements made to the platform and outlined plans for future enhancements.
In July, RubyGems.org gained 134 new commits contributed by 8 authors. There were 2,421 additions and 978 deletions across 167 files.
Thank you
Thank you to everyone who contributed to RubyGems and RubyGems.org this month! Your contributions are greatly appreciated, and we are grateful for your support.
Contributors to RubyGems:
- @jeromedalbert Jerome Dalbert
- @deivid-rodriguez David Rodríguez
- @segiddins Samuel Giddins
- @hsbt Hiroshi Shibata
- @ntkme Natsuki Times
- @moofkit Dmitriy Ivliev
- @leetking Alpha 0x00
- @nobu Nobuyoshi Nakada
- @simi Josef Šimánek
- @jasonkarns Jason Karns
- @coryspitzer Cory Spitzer
- @martinemde Martin Emde
Contributors to RubyGems.org:
- @martinemde Martin Emde
- @segiddins Samuel Giddins
- @simi Josef Šimánek
- @indirect André Arko
- @colby-swandale Colby Swandale
- @earlopain Earlopain
- @robbyrussell Robby Russell
- @jenshenny Jenny Shen
If we missed you, please let us know so we can include you in our shout out!
Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.