Upgrading to Rails 6.1.6.1 causes Psych::DisallowedClass: Tried to load unspecified class: Symbol

Time:07-18

When upgrading to Rails 6.1.6.1, I started getting the following error in the application:

Psych::DisallowedClass:
        Tried to load unspecified class: Symbol

This is being caused by using the Hash serializer on an ActiveRecord column, which uses Symbols as keys or values:

serialize :parameters, Hash

CodePudding user response:

The error occurs due to the following security update in Rails: https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

The Hash serializer apparently loaded data with YAML.unsafe_load, which has now been changed to YAML.safe_load. This new method does not handle data types such as Symbol or Time by default for security reasons.

The workaround, as the announcement suggests, is to either migrate the serializer to JSON or use only safe data types in the serialization (Strings, Numbers).

However, there are two configurable quick workarounds:

config.active_record.use_yaml_unsafe_load = true

This is not recommended as it basically reverts back to the old behaviour.

OR

config.active_record.yaml_column_permitted_classes = [Symbol]

This allows serializing Symbols or other unsupported (or unsafe) data types.
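
The behaviour described in the answer above can be reproduced with Ruby's YAML (Psych) alone, without Rails. This is an added example, not code from the original post or from Rails; LEGACY_YAML, OBJECT_YAML, ConstructedJob, try_load and yaml_to_json are constructed names, and the sample payloads are made up for the demonstration.

```ruby
require "yaml"
require "json"

# Constructed sample: the YAML a `serialize :parameters, Hash` column would
# hold for a Hash that uses Symbols as a key and as a value.
LEGACY_YAML = YAML.dump({ status: :active, "retries" => 3 })

# Hypothetical application class, standing in for any object that should
# never be revived from column data.
class ConstructedJob
  def initialize
    @cmd = "noop"
  end
end
OBJECT_YAML = YAML.dump(ConstructedJob.new)

# Load with an explicit allowlist; return the exception instead of raising
# so the outcomes can be compared side by side.
def try_load(yaml, permitted = [])
  YAML.safe_load(yaml, permitted_classes: permitted)
rescue Psych::DisallowedClass => e
  e
end

# One-off conversion of a legacy YAML payload to JSON. Symbols do not
# survive the trip: keys and values come back as Strings.
def yaml_to_json(yaml, permitted = [Symbol])
  JSON.generate(YAML.safe_load(yaml, permitted_classes: permitted))
end

if __FILE__ == $PROGRAM_NAME
  p try_load(LEGACY_YAML)            # the error from the question
  p try_load(LEGACY_YAML, [Symbol])  # Symbols allowed, Hash restored
  p try_load(OBJECT_YAML, [Symbol])  # other classes still refused
  puts yaml_to_json(LEGACY_YAML)
end
```

Permitting Symbol keeps every other class blocked, which is why the allowlist is the narrower of the two quick workarounds. Code that reads the column after a JSON migration has to expect String keys and values where it used to get Symbols.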
