packages/rubygem-activerecord
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rubygem-activerecord/CVE-2022-44566-pre1.patch

26 lines
979 B
Diff
Raw Permalink Normal View History

fix CVE-2022-44566 fix CVE-2022-44566 CVE-2023-22794 (cherry picked from commit ead83c6d23c77103756b10a0ec6501a8a5601c52)
2023-02-22 12:29:15 +00:00
From fbb7f0b407c96cb38fba6b2e8cb8ce12252738da Mon Sep 17 00:00:00 2001
From: Jean Boussier <jean.boussier@gmail.com>
Date: Wed, 13 Jul 2022 18:59:49 +0200
Subject: [PATCH 1/1] Allow Symbol by default in YAML columns
---
activerecord/lib/active_record/core.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/activerecord-6.1.4.1/lib/active_record/core.rb b/activerecord-6.1.4.1/lib/active_record/core.rb
index 379cae1830..9f1584d46b 100644
--- a/activerecord-6.1.4.1/lib/active_record/core.rb
+++ b/activerecord-6.1.4.1/lib/active_record/core.rb
@@ -161,7 +161,7 @@ def self.configurations
# Application configurable array that provides additional permitted classes
# to Psych safe_load in the YAML Coder
- mattr_accessor :yaml_column_permitted_classes, instance_writer: false, default: []
+ mattr_accessor :yaml_column_permitted_classes, instance_writer: false, default: [Symbol]
self.filter_attributes = []
--
2.33.0
Reference in New Issue Copy Permalink