e85cf8cfea
Rails 7.0.3.1 (2022-07-12) updates databases/ruby-activerecord70 only. databases/ruby-activerecord70 * Change ActiveRecord::Coders::YAMLColumn default to safe_load This adds two new configuration options The configuration options are as follows: o config.active_storage.use_yaml_unsafe_load When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading. o config.active_record.yaml_column_permitted_classes The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time] [CVE-2022-32224]
5 lines
372 B
Text
5 lines
372 B
Text
$NetBSD: distinfo,v 1.7 2022/07/13 14:48:47 taca Exp $
|
|
|
|
BLAKE2s (activestorage-7.0.3.1.gem) = 26968078d2692fd4b8e7280994e51684a9d0209131e0b6936e95bb9b90528df1
|
|
SHA512 (activestorage-7.0.3.1.gem) = fce177441c17366d1cc4997d35e7970b619425b6a6d8a537c128aa7e535f19abe3791e500a77e3ed483472922918950a2de8a9c60a6d1ecc83779aec3990b8d7
|
|
Size (activestorage-7.0.3.1.gem) = 65536 bytes
|