Rails 6.1.6.1 with Ruby 2.5 throws ArgumentError: unknown keywords: permitted_classes, aliases #45590
Comments
|
Assigning to @skipkayhil since he's already noticed this and is working on a fix. Will let you know when it's merged. While not a short term fix, it's recommended you upgrade your Ruby version ASAP. It has been EOL since March 2021 and could be vulnerable to other security issues. |
|
In case anyone can't wait: module Psych
module_function
class << self
alias original_safe_load safe_load
end
def safe_load(yaml,
whitelist_classes = [],
whitelist_symbols = [],
arg_aliases = false,
filename = nil,
symbolize_names: false,
permitted_classes: whitelist_classes,
aliases: false)
original_safe_load(
yaml, permitted_classes, whitelist_symbols, aliases || arg_aliases, filename,
symbolize_names: symbolize_names,
)
end
end |
You can also try adding |
|
Closed by #45593 |
|
I am getting something similar after moving from Rails 5.2.7 to 5.2.8.1. Using Ruby 2.5.7. The error is thrown when trying to prepare the DB for tests, at first by running
|
|
@danmun This was fixed in the closed PR. I've quoted below what I wrote there. Point your gemfile at the 5-2-stable branch and this will be fixed. However, I highly recommend upgrading to 6.x ASAP, 5.2 is no longer supported. It will not receive anymore releases.
|
|
@eileencodes Noted, thank you! I will use 5-2-stable. |
If your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: https://github.com/rails/rails/blob/v5.2.8.1/activerecord/CHANGELOG.md |
For those less familarized with Ruby or Rails, and have found this problem with Debian-packaged verison of Redmine, to apply @lanej solution (thanks so much!), add his lines at the end of /usr/lib/ruby/2.5.0/psych.rb (Ruby allows to redefine a piece of software). Also add @baraidrissa (again, thanks!) line at /usr/share/redmine/config/application.rb. Add also ActiveSupport::HashWithIndifferentAccess, so it reads:
|
|
Hi, Also encounting this error, I added module Psych to psych.rb and application.rb.
Where to add this ? |
As said in my previous message, in |
|
After applying the above workarounds, my Redmine server was broken again by the next Debian update: I think the culprit is this entry in /usr/share/doc/ruby-activerecord/changelog.Debian.gz: I was able to fix the problem by commenting out the |
|
Exacty, that's what I've done today myself. |
Rails 5.2.8 (or thereabouts) has an option for using `YAML.safe_load` for serialized ActiveRecord fields, but assumes the Ruby 2.6/Psych 3.1 interface for that method (using keyword arguments). Since we're still on Ruby 2.5, and can't confidently whitelist classes for `safe_load` (since that's down to downstreaming consuming code), we disable this feature for the test suite. See rails/rails#45590
Due to latest security update [1] backported to 6.1-stable Rails can no longer load on Ruby 2.5.
[1] - f05ac78
I guess it's due to simple overlook at the
safe_loadmethod version between different Rubies:Ruby 2.5.9: https://ruby-doc.org/stdlib-2.5.9/libdoc/psych/rdoc/Psych.html#method-c-safe_load
Ruby 2.6.0: https://ruby-doc.org/stdlib-2.6/libdoc/psych/rdoc/Psych.html#method-c-safe_load
Steps to reproduce
Have Rails 6.1.6.1 application running on Ruby 2.5.x.
Expected behavior
Rails works as before.
Actual behavior
Trying to load application throws
[/usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/psych.rb:313]: ArgumentError: unknown keywords: permitted_classes, aliases.System configuration
Rails version: 6.1.6.1
Ruby version: 2.5.1
The text was updated successfully, but these errors were encountered: