Support
RVM is maintained by community of volunteers, report issues to RVM issues tracker.
If you can help or wish to become one of the maintainers - just start helping. You can find more RVM related projects at RVM Github organization.
Sponsors
Carbon Ads

RVM 1.29.0 released


RVM 1.29.0 released with multiple security fixes! New rubies and binaries, few new features and a lot of bug fixes.

Justin Steven uncovered few security issues, they all are fixed now. The fixes involves important change: environment variables will not be evaluated anymore, if there is a use case for that please open a ticket and let us know what it is.

∞1.29.0

12 February 2017 - Full Changelog

Security fixes:

  • add trusting working directory hooks
  • add trusting project files with environment variables
  • prevent executing code when loading variables from project files
  • remove posibility to install gems from .versions.conf
  • do not 'bundle install' if no rvm_autoinstall_bundler_flag=1
  • install bundler only from remote server
  • handle spaces in working directory hook names
  • avoid double escaping of envirtonment variables
  • avoid extra quotation if it was used in the project file

New features:

  • Added railsexpress patches for Ruby 2.3.3 #3852
  • Add support for KDE neon #3828
  • Allow to remove undesired libraries breaking the ruby build #3851
  • Mention in PATH warnings about ability to silence them #3336
  • Expose autolibs setting in rvm info output #3892
  • Detect noexec mount mode for partition hosting RVM home #3832

Bug fixes:

  • Changed eval to source for fish 2.5.0 compatibility fish-shell#3809
  • $PATH become empty after __rvm_unload executed #3847
  • RVM incorrectly tries to install llvm 3.5 when trying to install Rubinius 3 #3848
  • Missing libyaml-devel on PCLinuxOS 64-bit #3703
  • Failing openssl.patch for Ruby 1.9.3 #3831
  • RVM hardcodes number of compile threads #3856
  • Cannot build rbx-2.5.2 on ArchLinux #3497
  • Remove incompatible version of openssl098 #3844
  • Failed to fetch the gpg key from keys.gnupg.net #3544
  • Filtering Travis binaries for OSX for non Travis env (they are statically linked and not movable) #3690
  • Remove kernel-libc-devel dependency on Solus #3881
  • Speed up loading rubies - gem version compatibility check
  • Missing cygwin32-readline package on Windows #3812
  • Installation of rbx-3.69 on macOS fails because llvm35 formula can't be found #3884
  • Ruby 2.3.x and older are not compatible with OpenSSL 1.1.x on Debian #3862
  • OpenSSL vs libressl conflict installing ruby-2.4.0 on openSUSE Tumbleweed #3906
  • Missing libgmp3-dev for Ruby 2.2 on Debian 6 #3675
  • JRuby on Arch is missing Java requirements #3539
  • rvm install 2.4 installs 2.4.0-rc1 instead of 2.4.0 #3866
  • Use libreadline-dev instead of libreadline6-dev on Debian (≥stretch) #3824
  • Warning: openssl is a keg-only and another version is linked to opt #3724
  • Fix trusting paths with duplicated //
  • Fix rvm do in relative paths

Upgraded Ruby interpreters:

  • Add support for Ruby 2.4.0 #3849
  • Add support for JRuby 9.1.7.0 #3878
  • Add support for Rubinius 3.70 #3889 and 3.71
  • Upgrade RubyGems to 2.6.10

Binaries:

  • Ubuntu x64 binary for Ruby 2.4.0 #3867