fix Rails 7.0.3.1 loading user settings

rinonb · Jul 20, 2022 · 29ceb06 · 29ceb06
1 parent b5c9332
commit 29ceb06
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/config/application.rb b/config/application.rb
@@ -59,6 +59,10 @@ class Application < Rails::Application
     config.generators do |g|
       g.factory_bot false
     end
+
+    # https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
+    # activerecord-typedstore needs:
+    config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess]
   end
 end