- Update to ruby-3.1.7, see release notes.
- Apply all security patches that Canonical provides for Ubuntu-20.04 because version 1.1.1 is out of maintanence from the OpenSSL project:
- CVE-2024-2511
- CVE-2024-4741
- CVE-2024-5535
- CVE-2024-9143
- CVE-2024-13176
- Fix automatic pacman package install when using bundler-2.5.x. #396
- Fix pacman install error in parallel
bundler install -jX. #403pacmaninvocation is now serialized to avoid locking errors. - Update MSYS2 download version to 2024-12-08 for
ridk install 1. #402 - Add junction (directory link) at
<ruby>/ssl, which allows to easily find the OpenSSL certificates directory. #399 The certificates directory varies between ruby versions and the junction unifies the location. It is described in<ruby>/ssl/README-SSL.md. - Update the SSL CA certificate list.
- Remove installed gems and MSYS2 by the uninstaller per default. #408
So far the uninstaller only removed the ruby install files, but kept installed gems and MSYS2.
The old behaviour is available when running the uninstaller with option
/allfiles=no. See in the wiki. This is to prepare RubyInstaller for the Microsoft Store. - Avoid early load of etc.so allowing updates of etc.gem. #388
- Set a single key in gemrc to allow appending to this file. #388
- Update to ruby-3.1.6, see release notes.
- Update to ruby-3.1.5, see release notes.
- Update the SSL CA certificate list.
- Update to OpenSSL-1.1.1w and because version 1.1.1 is out of maintanence from the OpenSSL project apply all security patches that Canonical provides for Ubuntu-20.04:
- CVE-2023-5678
- CVE-2024-0727
- Implicit rejection as a protection against Bleichenbacher attacks
- Update the bundled MSYS2 keyring package.
- Avoid crash even if a registry key incldues inconvertible characters
- Avoid method redefinition warning in rubygems hook
- Allow setting of MSYS2 path by environment variable
MSYS2_PATH. #361 This setting is preferred over all other methods to find the MSYS2 directory.
- Update to ruby-3.1.4, see release notes.
- Update the SSL CA certificate list and to OpenSSL-1.1.1t.
- Add installer dialog to select per-user or all-users installation. See out Wiki for further description of the install modes.
- Add installer options /ALLUSERS and /CURRENTUSER for silent install. For silent install see: https://github.com/oneclick/rubyinstaller2/wiki/FAQ#user-content-silent-install
- Enable automatic private gem installation in user's home on a machine wide ruby setup, if the user doesn't have write access.
- List machine wide rubies in addition to per-user rubies at
ridk use. - Set proper permissions of MSYS /tmp directory, so that every user can create and use files, but not read or change files of other users. This is needed for a machine wide installation.
- Check or add a system wide gemrc file at every rubygems load to prevent hijacking by another user.
- Avoid UNICODE characters in TMP env var to work around issues of gcc. #320
- Restrict write permissions to the installing user.
For several reasons we use
C:/RubyXXXdirecory by default but notC:/Program Files(see: oneclick/rubyinstaller#135 ). Using an install path underC:/previously inherited write permissions for everyone, which compromised security in a multi user environment. ridk useAdd options to store the change permanently in the user or system environment variables. #314
- Update to ruby-3.1.3, see release notes.
- Update of the SSL CA certificate list.
- Update the bundled MSYS2 keyring package.
- Fix start menu entry for rubygems-server and irb.
- Run the ruby command prompt in the start menu with
ridk enable. - Update the start menu entry with the newly installed ruby version. They kept the old ruby version previously.
- Fix irb hook in ruby-3.1, which re-encodes
.irb_historyto UTF-8 on demand. - Fix possible crash in
ridk use. #291
- No longer create registry keys under
Software\RubyInstaller\MRI\<RubyVersion>. #242 They weren't used any longer and didn't distinguish between 32 and 64-bit versions. - No longer install the 32 bit but only the 64 bit version of MSYS2 as part of
ridk install. It is still possible to get a pure 32-bit MSYS2 and Ruby installation by using the 32-bit RubyInstaller+Devkit package. - The file
<ruby>\bin\ruby_builtin_dlls\libssp-0.dllis no longer shipped as part of RubyInstaller. It is no longer needed with the latest gcc, but previously installed gems with extensions link to this DLL. The dependency tolibssp-0.dllis currently still fulfilled by the bundled MSYS2 distribution. To re-compile the gem without this DLLgem pristine --extensionscan be used.
- Update to ruby-3.1.2, see release notes.
- Update of the SSL CA certificate list.
- Update the bundled MSYS2 keyring package.
- No longer respond to MSYSTEM environment variable for setting a cross build environment. #269
- Update to ruby-3.1.1, see release notes.
- Fix a runtime error when running CGI in WEBrick http server. #260
- Backport a patch for Reline to fix AltGr on European keyboards. #259
This is the first release based on ruby-3.1.0: https://www.ruby-lang.org/en/news/2021/12/25/ruby-3-1-0-released/
Changes compared to RubyInstaller-3.0.3-1
- Change C-runtime from MSVCRT to UCRT of x64 version.
See the feature request here: https://bugs.ruby-lang.org/issues/17845
UCRT is the modern C-runtime of Windows replacing the legacy MSVCRT.
There are several platform strings that change with the new release.
They are summarized here: ruby/ruby#4599
In particular the ruby and gem platform is now "x64-mingw-ucrt" instead of "x64-mingw32" and the MSYS2 package prefix is now
mingw-w64-ucrt-x86_64-. - No longer require fiddle before booting Rubygems, but use the new C-extension "win32/dll_directory". Fixes #251