=== 1.8.10 / 2011-08-25
RubyGems 1.8.10 contains a security fix that prevents malicious gems from
executing code when their specification is loaded. See
rubygems/rubygems#165 for details.
* 5 bug fixes:
* RubyGems escapes strings in ruby-format specs using #dump instead of #to_s
and %q to prevent code injection. Issue #165 by Postmodern
* RubyGems attempt to activate the psych gem now to obtain bugfixes from
* Gem.dir has been restored to the front of Gem.path. Fixes remaining
problem with Issue #115
* Fixed Syck DefaultKey infecting ruby-format specifications.
* `gem uninstall a b` no longer stops if gem "a" is not installed.