This issue should have been fixed by ruby-attr-encrypted 3.1.0-3~bpo10+1 from buster-backports. See the following bug report for more details: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968971
A quick test from a GitLab instance using gitlab 13.6.7-1~fto10+1 and ruby-attr-encrypted 3.1.0-3~bpo10+1 did not trigger any issue on the /profile/two_factor_auth page.
OpenPGP_signature
Description: OpenPGP digital signature
