From: Rodrigo Rosenfeld Rosas <rr.rosas@...>
Date: 2013-02-06T22:58:03+09:00
Subject: [ruby-core:51901] Re: [ruby-trunk - Bug #7780] Marshal & YAML should deserialize only basic types by default.

Em 05-02-2013 23:57, Aaron Patterson escreveu:
>> I really don't see this as a problem.
>>
>> What I see as a problem is having sites compromised.
> Who would argue with this?  The security patches release do not allow
> YAML to process user input.

This is not true. Ruby hasn't been fixed (or I didn't see any security 
patches to Ruby at least). I guess you're talking about the Rails 
security patches.

But this doesn't affect only Rails. It affected RubyGems.org for instance.