diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-10-11 13:48:14 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-10-11 13:48:14 +0000 |
commit | 1281e56682692859e726e24fff30e44aac6f948b (patch) | |
tree | 5204d7803a0a54bad202117675086ed2eed6532b /lib/rubygems.rb | |
parent | edda79257537a37a679b7c3a066243ff4123b0d5 (diff) |
merge revision(s) 60149: [Backport #14003]
Merge rubygems-2.6.14 changes.
It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@60168 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/rubygems.rb')
-rw-r--r-- | lib/rubygems.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/rubygems.rb b/lib/rubygems.rb index 55aa85b8b2..0685bcb3c6 100644 --- a/lib/rubygems.rb +++ b/lib/rubygems.rb @@ -10,7 +10,7 @@ require 'rbconfig' require 'thread' module Gem - VERSION = "2.6.13" + VERSION = "2.6.14" end # Must be first since it unloads the prelude from 1.9.2 @@ -675,7 +675,7 @@ An Array (#{env.inspect}) was passed in from #{caller[3]} unless test_syck begin - gem 'psych', '>= 1.2.1' + gem 'psych', '>= 2.0.0' rescue Gem::LoadError # It's OK if the user does not have the psych gem installed. We will # attempt to require the stdlib version @@ -699,6 +699,7 @@ An Array (#{env.inspect}) was passed in from #{caller[3]} end require 'yaml' + require 'rubygems/safe_yaml' # If we're supposed to be using syck, then we may have to force # activate it via the YAML::ENGINE API. |