From: Rodrigo Rosenfeld Rosas
Date: 2013-02-06T22:58:03+09:00
Subject: [ruby-core:51901] Re: [ruby-trunk - Bug #7780] Marshal & YAML should deserialize only basic types by default.

On 05-02-2013 23:57, Aaron Patterson wrote:
>> I really don't see this as a problem.
>>
>> What I see as a problem is having sites compromised.
> Who would argue with this? The security patches release do not allow
> YAML to process user input.

This is not true. Ruby hasn't been fixed (or I didn't see any security patches to Ruby at least). I guess you're talking about the Rails security patches. But this doesn't affect only Rails. It affected RubyGems.org for instance.