1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Description: Allow Symbols and ActiveSupport::HashWithIndifferentAccess
in YAML columns temporarily as disabled by the recent Rails security update.
Author: Utkarsh Gupta <utkarsh@debian.org>
Forwarded: no
Last-Update: 2022-09-13
--- a/config/application.rb
+++ b/config/application.rb
@@ -42,6 +42,13 @@
config.action_mailer.delivery_job = "ActionMailer::MailDeliveryJob"
+ # Allow ActiveSupport::HashWithIndifferentAccess because it was
+ # disallowed with Rails 6.1.6.4 security update. Whilst they have
+ # re-added support for Symbol but not for other things, so allowing
+ # here explicitly.
+
+ config.active_record.yaml_column_permitted_classes = [Symbol, ActiveSupport::HashWithIndifferentAccess]
+
# Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
# Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
# config.time_zone = 'Central Time (US & Canada)'
|
