kotovalexarian-likes-github
/
rails--rails
mirror of https://github.com/rails/rails.git
1
0
Fork 0
Code Releases Activity

Use YAML.unsafe_load for encrypted configuration 

Fix: https://github.com/rails/rails/pull/44063
This commit is contained in:
Stephen Sugden 2022-01-04 14:42:02 +01:00 committed by Jean Boussier
parent be8e49f5da
commit d5b65c082e
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
activesupport/CHANGELOG.md
View File

@ -1,3 +1,7 @@
* Fix `ActiveSupport::EncryptedConfiguration` to be compatible with Psych 4
*Stephen Sugden*
* Improve `File.atomic_write` error handling
* Fix `Class#descendants` and `DescendantsTracker#descendants` compatibility with Ruby 3.1.

3
activesupport/lib/active_support/encrypted_configuration.rb
View File

@ -49,7 +49,8 @@ module ActiveSupport
end
def deserialize(config)
YAML.load(config).presence || {}
doc = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(config) : YAML.load(config)
doc.presence || {}
end
end
end