2.11.17 release contains a breaking change for YAML loading of LogEntry records
#4679
Labels
type:bug
Error, flaw or fault
Comments
|
@forkata Would you like to submit a PR to update the Changelog? If not, I can work on it :) |
|
Thanks for the quick response @gsmendoza. I can work on a PR to update the changelog 👍🏼 |
7 tasks
|
@gsmendoza I've opened up a PR to add an entry to the CHANGELOG.md for this release. I don't have the ability to update the Release notes, but if this looks good we could copy the note over to that. |
|
Thanks @forkata ! |
|
Thanks, @forkata. I updated the corresponding release notes. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The switch to
YAML.safe_loadin this commit is a breaking change d2b05aaSolidus Version:
2.11.17
Current behavior
When trying to deserialize any classes other than the ones explicitly permitted an exception will be raised. For host applications which use this record for storing references to other classes a configuration change is require to add those to
Spree::AppConfiguration#log_entry_permitted_classesExpected behavior
Since this was introduced as a backport of a security patch, there isn't much we can do, other than document the breaking change better in the Changelog for the 2.11.17 release. This update came down as a
dependabotbump and it was not obvious from the Changelog that we need to update our configuration to include any classes that need to be explicitly allowed.The text was updated successfully, but these errors were encountered: