CVE fix breaks serialization of symbols -- fix test

bootstrap-ruby / bootstrap_form

Official repository of the bootstrap_form gem, a Rails form builder that makes it super easy to create beautiful-looking forms using Bootstrap 5.

MIT License

1.64k stars 351 forks source link

Closed lcreid closed 1 year ago

lcreid commented 1 year ago

https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017 prevents serialization of a Symbol because it's potentially a security vulnerability. This PR changes a test so it serializes and attribute value with a String key rather than a Symbol.