-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2.11.17 release contains a breaking change for YAML loading of LogEntry
records
#4679
Comments
@forkata Would you like to submit a PR to update the Changelog? If not, I can work on it :) |
Thanks for the quick response @gsmendoza. I can work on a PR to update the changelog 👍🏼 |
@gsmendoza I've opened up a PR to add an entry to the CHANGELOG.md for this release. I don't have the ability to update the Release notes, but if this looks good we could copy the note over to that. |
Thanks @forkata ! |
Thanks, @forkata. I updated the corresponding release notes. |
The switch to
YAML.safe_load
in this commit is a breaking change d2b05aaSolidus Version:
2.11.17
Current behavior
When trying to deserialize any classes other than the ones explicitly permitted an exception will be raised. For host applications which use this record for storing references to other classes a configuration change is require to add those to
Spree::AppConfiguration#log_entry_permitted_classes
Expected behavior
Since this was introduced as a backport of a security patch, there isn't much we can do, other than document the breaking change better in the Changelog for the 2.11.17 release. This update came down as a
dependabot
bump and it was not obvious from the Changelog that we need to update our configuration to include any classes that need to be explicitly allowed.The text was updated successfully, but these errors were encountered: