Use YAML.unsafe_load for encrypted configuration
Fix: https://github.com/rails/rails/pull/44063
This commit is contained in:
parent
be8e49f5da
commit
d5b65c082e
|
@ -1,3 +1,7 @@
|
|||
* Fix `ActiveSupport::EncryptedConfiguration` to be compatible with Psych 4
|
||||
|
||||
*Stephen Sugden*
|
||||
|
||||
* Improve `File.atomic_write` error handling
|
||||
|
||||
* Fix `Class#descendants` and `DescendantsTracker#descendants` compatibility with Ruby 3.1.
|
||||
|
|
|
@ -49,7 +49,8 @@ module ActiveSupport
|
|||
end
|
||||
|
||||
def deserialize(config)
|
||||
YAML.load(config).presence || {}
|
||||
doc = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(config) : YAML.load(config)
|
||||
doc.presence || {}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue