Rails 6.1.6.1 with Ruby 2.5 throws ArgumentError: unknown keywords: permitted_classes, aliases #45590
Comments
Assigning to @skipkayhil since he's already noticed this and is working on a fix. Will let you know when it's merged. While not a short term fix, it's recommended you upgrade your Ruby version ASAP. It has been EOL since March 2021 and could be vulnerable to other security issues. |
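In case anyone can't wait:

```ruby
require "psych" # no-op when Psych is already loaded

# Workaround for Ruby 2.5 only: let Psych.safe_load accept the Ruby 2.6+
# keywords (permitted_classes:, aliases:) that Rails now passes.
module Psych
  module_function

  class << self
    # Keep a handle on the stock positional-argument implementation.
    alias original_safe_load safe_load
  end

  def safe_load(yaml,
                whitelist_classes = [],
                whitelist_symbols = [],
                arg_aliases = false,
                filename = nil,
                symbolize_names: false,
                permitted_classes: whitelist_classes,
                aliases: false)
    # Forward everything positionally, as the Ruby 2.5 signature expects.
    original_safe_load(
      yaml, permitted_classes, whitelist_symbols, aliases || arg_aliases, filename,
      symbolize_names: symbolize_names,
    )
  end
end
```

|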
You can also try adding |
Closed by #45593 |
@danmun This was fixed in the closed PR. I've quoted below what I wrote there. Point your gemfile at the 5-2-stable branch and this will be fixed. However, I highly recommend upgrading to 6.x ASAP, 5.2 is no longer supported. It will not receive any more releases.
|
@eileencodes Noted, thank you! I will use 5-2-stable. |
If your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows: https://github.com/rails/rails/blob/v5.2.8.1/activerecord/CHANGELOG.md |
For those less familiarized with Ruby or Rails who have found this problem with the Debian-packaged version of Redmine: to apply @lanej's solution (thanks so much!), add his lines at the end of /usr/lib/ruby/2.5.0/psych.rb (Ruby allows redefining a piece of software). Also add @baraidrissa's (again, thanks!) line to /usr/share/redmine/config/application.rb. Also add ActiveSupport::HashWithIndifferentAccess, so it reads:
|
Hi, I'm also encountering this error. I added module Psych to psych.rb and application.rb.
Where to add this? |
As said in my previous message, in |
After applying the above workarounds, my Redmine server was broken again by the next Debian update:
I think the culprit is this entry in /usr/share/doc/ruby-activerecord/changelog.Debian.gz:
I was able to fix the problem by commenting out the |
Exactly, that's what I've done today myself. |
Rails 5.2.8 (or thereabouts) has an option for using `YAML.safe_load` for serialized ActiveRecord fields, but assumes the Ruby 2.6/Psych 3.1 interface for that method (using keyword arguments). Since we're still on Ruby 2.5, and can't confidently whitelist classes for `safe_load` (since that's down to downstream consuming code), we disable this feature for the test suite. See rails/rails#45590
Due to latest security update [1] backported to 6.1-stable Rails can no longer load on Ruby 2.5.
[1] - f05ac78
I guess it's due to simple overlook at the `safe_load` method version between different Rubies:
Ruby 2.5.9: https://ruby-doc.org/stdlib-2.5.9/libdoc/psych/rdoc/Psych.html#method-c-safe_load
Ruby 2.6.0: https://ruby-doc.org/stdlib-2.6/libdoc/psych/rdoc/Psych.html#method-c-safe_load
Steps to reproduce
Have Rails 6.1.6.1 application running on Ruby 2.5.x.
Expected behavior
Rails works as before.
Actual behavior
Trying to load application throws `[/usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/psych.rb:313]: ArgumentError: unknown keywords: permitted_classes, aliases`.
System configuration
Rails version: 6.1.6.1
Ruby version: 2.5.1
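
The interface mismatch described in this issue, as an added example that is not code from the thread or from Rails: it detects which `safe_load` interface is present and calls it accordingly, and shows that unpermitted classes are refused. `LegacySignature`, `keyword_api?`, `compat_safe_load` and `SAMPLE` are hypothetical names and constructed data; the stand-in module only mimics the Ruby 2.5 parameter list.

```ruby
require "psych"

# Constructed stand-in with the Ruby 2.5 signature described above: positional
# whitelists only, no permitted_classes:/aliases: keywords. It echoes its arguments.
module LegacySignature
  def self.safe_load(yaml, whitelist_classes = [], whitelist_symbols = [],
                     aliases = false, filename = nil, symbolize_names: false)
    [:positional, whitelist_classes, whitelist_symbols, aliases]
  end
end

# True when loader.safe_load accepts the Ruby 2.6+ permitted_classes: keyword.
def keyword_api?(loader)
  loader.method(:safe_load).parameters.include?([:key, :permitted_classes])
end

# Hypothetical helper: one call site that works against either interface.
def compat_safe_load(yaml, permitted_classes: [], permitted_symbols: [],
                     aliases: false, loader: Psych)
  if keyword_api?(loader)
    loader.safe_load(yaml, permitted_classes: permitted_classes,
                           permitted_symbols: permitted_symbols, aliases: aliases)
  else
    loader.safe_load(yaml, permitted_classes, permitted_symbols, aliases)
  end
end

# Constructed sample of a serialized column holding a Symbol and a Time.
SAMPLE = "---\n:status: :active\n:created_at: 2022-07-12 10:00:00 Z\n"

if __FILE__ == $PROGRAM_NAME
  puts "keyword interface available: #{keyword_api?(Psych)}"
  begin
    compat_safe_load(SAMPLE) # nothing permitted, so the load is refused
  rescue Psych::DisallowedClass => e
    puts "refused: #{e.message}"
  end
  p compat_safe_load(SAMPLE, permitted_classes: [Symbol, Time])
  begin
    # Keyword call against the 2.5-style signature: the failure reported here.
    LegacySignature.safe_load(SAMPLE, permitted_classes: [Symbol], aliases: true)
  rescue ArgumentError => e
    puts "legacy signature: #{e.message}"
  end
end
```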