Dear all,

according to the corresponding GitHub issue [1], the source of the problem
is an old version of psych embedded into ruby2.5 (which already is EOL
upstream). While we're all eagerly awaiting a backport of redmine for
bullseye, the issue can be mitigated by the following 3 steps:
1. install the patched version of yaml_column.rb:
  | mv /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb \
  |    /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb-orig
  | wget -O /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb \
  |    https://raw.githubusercontent.com/skipkayhil/rails/5ab06e54b6868b249185e9fdf46349155665c54a/activerecord/lib/active_record/coders/yaml_column.rb
2. patch psych by overriding the class:
  | cat >> /usr/lib/ruby/2.5.0/psych.rb <<EOF
  | module Psych
  |   module_function
  | 
  |   class << self
  |     alias original_safe_load safe_load
  |   end
  | 
  |   def safe_load(yaml,
  |                 whitelist_classes = [],
  |                 whitelist_symbols = [],
  |                 arg_aliases = false,
  |                 filename = nil,
  |                 symbolize_names: false,
  |                 permitted_classes: whitelist_classes,
  |                 aliases: false)
  |     original_safe_load(
  |       yaml, permitted_classes, whitelist_symbols, aliases || arg_aliases, filename,
  |       symbolize_names: symbolize_names,
  |     )
  |   end
  | end
  | EOF
3. add permitted classes to /usr/share/redmine/config/application.rb:

config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time, ActiveSupport::HashWithIndifferentAccess]

After these changes redmine works again.

all the best,
    Adi

[1] https://github.com/rails/rails/issues/45590
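
To check which classes the permitted list from the last step has to cover, the following added example (not part of the original message, nor Redmine or Rails code) replays a serialized value through Psych.safe_load and collects every class it rejects. It assumes Ruby 2.6 or newer, where safe_load accepts the permitted_classes keyword; SAMPLE_COLUMN and the helper names are constructed for illustration.

```ruby
require 'yaml'
require 'date'

# Allowlist from step 3 of the message, as class names
# (Psych matches permitted classes by name).
PERMITTED = %w[Symbol Date Time ActiveSupport::HashWithIndifferentAccess].freeze

# Constructed sample of a serialized column value
# (not taken from a real Redmine database).
SAMPLE_COLUMN = <<~YAML
  ---
  :updated_on: 2022-07-13 10:00:00 +02:00
  :due_date: 2022-07-20
  :notified: true
YAML

# Returns the names of all non-default classes safe_load has to permit
# before `yaml` deserializes, in the order Psych rejects them.
def classes_needed(yaml)
  needed = []
  loop do
    begin
      Psych.safe_load(yaml, permitted_classes: needed, aliases: false)
      return needed
    rescue Psych::DisallowedClass => e
      name = e.message[/unspecified class: (\S+)/, 1]
      # Re-raise instead of looping forever if no new name can be extracted.
      raise if name.nil? || needed.include?(name)
      needed << name
    end
  end
end

# Classes the value needs that the configured allowlist does not cover.
def uncovered(yaml, permitted = PERMITTED)
  classes_needed(yaml) - permitted
end

if __FILE__ == $PROGRAM_NAME
  puts "needed:    #{classes_needed(SAMPLE_COLUMN).join(', ')}"
  puts "uncovered: #{uncovered(SAMPLE_COLUMN).inspect}"
end
```

An empty "uncovered" result means the allowlist is sufficient for that value; any name it reports should be reviewed before being added, since every permitted class widens what stored YAML can instantiate.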
