Protecting rubygems.org from the outside in: DoS prevention and compromised passwords
Summary
RubyGems.org introduced two security improvements. First, gem metadata pushed to the registry is now validated by walking the YAML abstract syntax tree (AST) before anything is deserialized, replacing the dangerous YAML object deserialization that previously ran on every push; loading attacker-controlled YAML directly exposes the service to denial of service (for example alias-expansion "billion laughs" documents) and to construction of arbitrary Ruby objects. Second, login attempts are checked against Have I Been Pwned's Pwned Passwords data using its k-anonymity range API: only a short prefix of the password's SHA-1 hash is sent to the service, so a known-compromised password can be rejected without the password or its full hash ever leaving rubygems.org. Together these changes reduce the risk of supply-chain attacks against the registry and of credential stuffing against user accounts, while preserving user privacy.
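The AST-based validation described above, as an added example that is not rubygems.org's own code. It assumes the Ruby YAML library Psych: `Psych.parse` builds the node tree in time linear in the input size without constructing any Ruby objects, so the walk below can reject aliases, anchors, unexpected tags and excessive depth or node count before `to_ruby` is ever called. The tag allowlist and the numeric limits are illustrative assumptions, and the sample documents are constructed for the example.

```ruby
require "psych"

# Added example, not rubygems.org's own code: validate the YAML AST that
# Psych builds before any Ruby object is constructed. The dangerous work
# (alias expansion, !ruby/object construction) only happens in to_ruby,
# so the AST is the right place to gate.
class UnsafeGemspecYaml < StandardError; end

# Assumed policy: limits and tag allowlist are illustrative; a real service
# would derive them from the metadata it actually accepts.
MAX_YAML_DEPTH = 16
MAX_YAML_NODES = 50_000
ALLOWED_YAML_TAGS = %w[
  !ruby/object:Gem::Specification
  !ruby/object:Gem::Version
  !ruby/object:Gem::Requirement
  !ruby/object:Gem::Dependency
].freeze

def validate_yaml_ast!(node, depth = 0, counter = [0])
  counter[0] += 1
  raise UnsafeGemspecYaml, "more than #{MAX_YAML_NODES} nodes" if counter[0] > MAX_YAML_NODES
  raise UnsafeGemspecYaml, "nesting deeper than #{MAX_YAML_DEPTH}" if depth > MAX_YAML_DEPTH

  case node
  when Psych::Nodes::Alias
    # Aliases are what makes "billion laughs" documents explode on load.
    raise UnsafeGemspecYaml, "alias *#{node.anchor} not allowed"
  when Psych::Nodes::Scalar, Psych::Nodes::Mapping, Psych::Nodes::Sequence
    raise UnsafeGemspecYaml, "anchor &#{node.anchor} not allowed" if node.anchor
    if node.tag && !ALLOWED_YAML_TAGS.include?(node.tag)
      # Any other tag would make the loader instantiate an arbitrary class.
      raise UnsafeGemspecYaml, "tag #{node.tag} not allowed"
    end
  end

  node.children.each { |child| validate_yaml_ast!(child, depth + 1, counter) }
  true
end

# Parse to an AST only, validate it, and hand back the validated document.
# The caller decides whether to call doc.to_ruby afterwards.
def validate_gem_metadata(yaml)
  doc = Psych.parse(yaml)
  raise UnsafeGemspecYaml, "empty document" unless doc
  validate_yaml_ast!(doc)
  doc
end

def gem_metadata_safe?(yaml)
  validate_gem_metadata(yaml)
  true
rescue UnsafeGemspecYaml, Psych::SyntaxError
  false
end

# Constructed sample inputs.
GOOD_METADATA = <<~YAML
  --- !ruby/object:Gem::Specification
  name: example
  version: !ruby/object:Gem::Version
    version: 1.0.0
  summary: a harmless gem
YAML

BILLION_LAUGHS = <<~YAML
  a: &a [lol, lol, lol, lol, lol, lol, lol, lol, lol]
  b: &b [*a, *a, *a, *a, *a, *a, *a, *a, *a]
  c: &c [*b, *b, *b, *b, *b, *b, *b, *b, *b]
YAML

ARBITRARY_OBJECT = "--- !ruby/object:Gem::Specification\nname: !ruby/object:Net::HTTP {}\n"

DEEP_NESTING = ("[" * 40) + ("]" * 40)

if __FILE__ == $PROGRAM_NAME
  { good: GOOD_METADATA, laughs: BILLION_LAUGHS,
    object: ARBITRARY_OBJECT, deep: DEEP_NESTING }.each do |label, yaml|
    puts "#{label}: #{gem_metadata_safe?(yaml) ? 'accepted' : 'rejected'}"
  end
end
```

Note that the node-count and depth limits are checked during the walk, so a hostile document is rejected as soon as it exceeds them, and the walk itself never expands anything; whatever `doc.to_ruby` later builds is bounded by the AST that was already validated.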
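The k-anonymity lookup described above, as an added example that is not rubygems.org's own code. It implements the Pwned Passwords range protocol against `https://api.pwnedpasswords.com/range/`: SHA-1 the password, send only the first five hex characters, receive every `SUFFIX:COUNT` line in that range, and finish the comparison locally. The `fetch_hibp_range` function talks to the live API; the `FAKE_HIBP_RANGES` table and its counts are constructed so the logic runs offline.

```ruby
require "digest"
require "net/http"
require "uri"

# Added example, not rubygems.org's own code: Have I Been Pwned range
# lookup. Only a 5-character SHA-1 prefix leaves the server; the full hash
# and the password never do.
HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Live fetcher (not used by the offline test below).
def fetch_hibp_range(prefix)
  uri = URI(HIBP_RANGE_URL + prefix)
  req = Net::HTTP::Get.new(uri)
  # Pads the response so its size does not hint at what the range contains.
  req["Add-Padding"] = "true"
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true,
                        open_timeout: 5, read_timeout: 5) do |http|
    http.request(req)
  end
  raise "HIBP range lookup failed: HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  res.body
end

# Returns how many times the password appears in HIBP's corpus (0 = not found).
# `fetcher` is injectable so the matching logic can be exercised offline.
def pwned_count(password, fetcher = method(:fetch_hibp_range))
  sha1 = Digest::SHA1.hexdigest(password).upcase
  prefix = sha1[0, 5]
  suffix = sha1[5..]
  fetcher.call(prefix).each_line do |line|
    line_suffix, count = line.strip.split(":", 2)
    # Padding entries come back with a count of 0, so they never read as "pwned".
    return count.to_i if line_suffix == suffix
  end
  0
end

def compromised_password?(password, fetcher = method(:fetch_hibp_range))
  pwned_count(password, fetcher) > 0
end

# Constructed offline stand-in for the API. SHA-1("password") is
# 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8, so its prefix is 5BAA6; the
# other suffixes and all counts are made up.
FAKE_HIBP_RANGES = {
  "5BAA6" => "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2\r\n" \
             "1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456\r\n" \
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0\r\n",
}.freeze
FAKE_FETCHER = ->(prefix) { FAKE_HIBP_RANGES.fetch(prefix, "") }

if __FILE__ == $PROGRAM_NAME
  %w[password S0me-long-unlisted-passphrase].each do |pw|
    puts "#{pw.inspect}: seen #{pwned_count(pw, FAKE_FETCHER)} times"
  end
end
```

Two operational points a practitioner will want to settle before deploying this: the hash prefix is sent over TLS but is still a lookup key, so the request should carry nothing else that identifies the user; and `fetch_hibp_range` raises on a non-2xx response or timeout, so the caller must decide explicitly whether an HIBP outage fails open (allow the login) or fails closed (refuse it) rather than letting the exception pick for it.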