TEST_CODEOWNERS/rails
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
fb5cef98bb
rails/activerecord/test/models/admin
History
Zack Deveau 611990f1a6
Change ActiveRecord::Coders::YAMLColumn default to safe_load 
In Psych >= 4.0.0, load defaults to safe_load. This commit
makes the ActiveRecord::Coders::YAMLColum class use Psych safe_load
as the Rails default.

This default is configurable via ActiveRecord.use_yaml_unsafe_load

We conditionally fallback to the correct unsafe load if use_yaml_unsafe_load
is set to true. unsafe_load was introduced in Psych 4.0.0

The list of safe_load permitted classes is configurable via
ActiveRecord.yaml_column_permitted_classes

[CVE-2022-32224]
2022-07-12 09:26:46 -07:00
..
account.rb Use frozen-string-literal in ActiveRecord 2017-07-19 22:27:07 +03:00
randomly_named_c1.rb Use frozen-string-literal in ActiveRecord 2017-07-19 22:27:07 +03:00
user_json.rb Change ActiveRecord::Coders::YAMLColumn default to safe_load 2022-07-12 09:26:46 -07:00
user.rb Update prefix and allow suffix options for store accessors 2018-06-12 07:10:09 -07:00