Project

General

Profile

Actions

Patch #37452

closed

Update Rails to 6.1.7

Added by Azamat Hackimov over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Rails support
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Rails team released new versions of rails that fixes CVE-2022-32224 security issue (https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017). Updated version is not backward compatible, application should explicitly enable permitted classes for YAML serialization:

config.active_record.yaml_column_permitted_classes: [Symbol]

Files


Related issues

Related to Redmine - Defect #37719: Broken serialized columns, if saved time was with Rails 4.2ClosedGo MAEDA

Actions
Copied to Redmine - Patch #37465: Update Rails to 5.2.8.1ClosedGo MAEDA

Actions
Actions

Also available in: Atom PDF