[ruby-core:51901] Re: [ruby-trunk - Bug #7780] Marshal & YAML should deserialize only basic types by default.

< ^ > P N |<>| ^ _>< --- | ~ ...Help

Em 05-02-2013 23:57, Aaron Patterson escreveu:
>> I really don't see this as a problem.
>>
>> What I see as a problem is having sites compromised.
> Who would argue with this?  The security patches release do not allow
> YAML to process user input.

This is not true. Ruby hasn't been fixed (or I didn't see any security 
patches to Ruby at least). I guess you're talking about the Rails 
security patches.

But this doesn't affect only Rails. It affected RubyGems.org for instance.