From d5b65c082ef0c17241de26d5131e5b4d8a01b186 Mon Sep 17 00:00:00 2001
From: Stephen Sugden
Date: Tue, 4 Jan 2022 14:42:02 +0100
Subject: [PATCH] Use YAML.unsafe_load for encrypted configuration
Fix: https://github.com/rails/rails/pull/44063
---
 activesupport/CHANGELOG.md | 4 ++++
 activesupport/lib/active_support/encrypted_configuration.rb | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index c35a359730..9ba49207c1 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,7 @@
+* Fix `ActiveSupport::EncryptedConfiguration` to be compatible with Psych 4
+
+ *Stephen Sugden*
+
 * Improve `File.atomic_write` error handling
 * Fix `Class#descendants` and `DescendantsTracker#descendants` compatibility with Ruby 3.1.
diff --git a/activesupport/lib/active_support/encrypted_configuration.rb b/activesupport/lib/active_support/encrypted_configuration.rb
index fd8ab6c7c3..3382fe7508 100644
--- a/activesupport/lib/active_support/encrypted_configuration.rb
+++ b/activesupport/lib/active_support/encrypted_configuration.rb
@@ -49,7 +49,8 @@ module ActiveSupport
 end
 def deserialize(config)
- YAML.load(config).presence || {}
+ doc = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(config) : YAML.load(config)
+ doc.presence || {}
 end
 end
 end
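Review bot: `deserialize` now prefers `YAML.unsafe_load`, which permits aliases and arbitrary object instantiation, and nothing at the call site records why that is acceptable here. The input is the decrypted configuration, so its trustworthiness rests on the encryption key and on who can write the encrypted file; I would state that above the call, e.g. `# unsafe_load is deliberate: config is decrypted with the app's key and trusted like code; Psych 4's YAML.load is safe by default and rejects aliases and non-basic types.` If existing credentials files only need aliases and symbols, `YAML.safe_load(config, aliases: true, permitted_classes: [Symbol])` would be a narrower fix, though it may break files that rely on other types and would need checking against the older Psych versions still supported. The enclosing class starts outside the hunk.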