Categories Company News

AppNeta Rubygems Verified

AppNeta no longer blogs on DevOps topics like this one.

Feel free to enjoy it, and check out what we can do for monitoring end user experience of the apps you use to drive your business at www.appneta.com.

Yesterday, Rubygems found a gem with an exploit to execute arbitrary code, copy config files with passwords and auto-post them onto pastie.org.

The community suspects that some gems on rubygems.org may have been re-written with the exploit code so everyone has been verifying gems.

AppNeta Verifies Rubygems

We’ve verified all of the AppNeta oboe gems (404 until Rubygems is back online) on rubygems.org from version 1.3.0 and up. All checkout and match what we have on [gem/gem-beta].tracelytics.com (and what we have locally) so our customers should be unaffected. We’ll check them periodically this week.

In case you’re still uncomfortable with using rubygems.org, we also host all versions of the oboe gem at gem.tracelytics.com as an alternative.

Additional Rubygems Information

For additional information about this exploit, here are some links:

Peter Giacomo Lombardo: