mirror of
https://github.com/paper-trail-gem/paper_trail.git
synced 2022-11-09 11:33:19 -05:00
As part of the fix for CVE-2022-32224 Rails introduced safe YAML loading and the `ActiveRecord.yaml_column_permitted_classes` config. PaperTrail added support for respecting the new configuration here: https://github.com/paper-trail-gem/paper_trail/pull/1397

The CVE-2022-32224 fix was also backported to Rails versions 5.2.8.1, 6.0.5.1, and 6.1.6.1; however, the name of the configuration is slightly different from that in Rails 7.x.

- 7.0.3.1: `ActiveRecord.yaml_column_permitted_classes`
- 6.1.6.1: `ActiveRecord::Base.yaml_column_permitted_classes`
- 6.0.5.1: `ActiveRecord::Base.yaml_column_permitted_classes`
- 5.2.8.1: `ActiveRecord::Base.yaml_column_permitted_classes`

PaperTrail currently doesn't support this alternative configuration naming, which means it will silently fall back to unsafe YAML loading.

This commit updates `PaperTrail::Serializers::YAML` to be compatible with safe YAML loading for the Rails 5.2 / 6.0 / 6.1 branches.

||
|---|---|---|
| .. | ||
| attribute_serializers | ||
| events | ||
| serializers | ||
| type_serializers | ||
| cleaner_spec.rb | ||
| compatibility_spec.rb | ||
| config_spec.rb | ||
| model_config_spec.rb | ||
| request_spec.rb | ||
| serializer_spec.rb | ||
| version_limit_spec.rb | ||
| version_number_spec.rb | ||
| version_spec.rb | ||