RubyGems experienced a notice incident on May 12, 2026, lasting 3d 20h. The incident has been resolved; the full update timeline is below.
Update timeline
- identified May 12, 2026, 08:54 AM UTC
Due to an ongoing DDoS attack against rubygems.org, we have temporarily disabled registrations. We'll share an update once we've made changes to protect legitimate users and prevent further abuse.
- identified May 13, 2026, 03:17 AM UTC
The malicious spam activity against rubygems.org has stopped. The bot accounts responsible have been blocked and removed, and the 500+ malicious packages pushed during the attack have been yanked from the registry. Registrations will remain closed while we coordinate with Fastly to enable WAF protection and tighten rate limiting on account creation. We expect this to take two to three days. We'll post another update when we're closer being ready to re-enable user registrations. Gem installs and pushes for existing users are unaffected.
- resolved May 16, 2026, 05:12 AM UTC
This incident has been resolved and we've re-enabled account registrations