This PR addresses the regression from the Rails 5.2.8.1 upgrade impacting storage of ActiveSupport::HashWithIndifferentAccess YAML serializations (which impacts the Search model in Blacklight).
From @pgwillia via Slack @ 2022-07-20:
Blacklight has a "fix" that they even backported to the 6.x version we're using which deems ActiveSupport::HashWithIndifferentAccess and Symbol as "safe" classes for serialization. Unfortunately we're stuck on Blacklight 6.10.1 because newer versions introduce a bug in how our email form is presented.
Rails 5.2.8.1 necessitated the specification of permitted classes as part of https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
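The failure mode behind this regression, as an added example that is not code from this PR or from Blacklight: a safe YAML load rejects any class that is not on the permitted list, so a serialized ActiveSupport::HashWithIndifferentAccess (and any Symbol inside it) fails to load until both are permitted. The stand-in class, the sample params and the helper names `sample_column_value` and `load_column` are assumptions made so the snippet runs without Rails.

```ruby
require "yaml"

# Stand-in (assumption) so the example runs without Rails; the real class
# ships with ActiveSupport and also subclasses Hash.
module ActiveSupport
  class HashWithIndifferentAccess < Hash; end
end

# Constructed sample: YAML similar to what a serialized search-params
# column would hold (tagged with the Ruby class name, Symbol as a value).
def sample_column_value
  params = ActiveSupport::HashWithIndifferentAccess.new
  params["q"] = "maps"
  params["sort"] = :relevance
  YAML.dump(params)
end

# Load a column value with only the listed classes allowed to be revived.
# Returns the loaded object, or the Psych::DisallowedClass error on refusal.
def load_column(yaml, permitted)
  YAML.safe_load(yaml, permitted_classes: permitted)
rescue Psych::DisallowedClass => e
  e
end

if __FILE__ == $0
  yaml = sample_column_value
  hwia = ActiveSupport::HashWithIndifferentAccess
  # Nothing permitted: the tagged hash class is refused.
  p load_column(yaml, [])
  # Hash class permitted, Symbol not: the Symbol value is refused.
  p load_column(yaml, [hwia])
  # Both permitted, as in the Blacklight fix quoted above: load succeeds.
  # In a Rails app the equivalent list is set through
  # config.active_record.yaml_column_permitted_classes.
  p load_column(yaml, [hwia, Symbol])
end
```

Keep the permitted list limited to the classes the column really stores; every class added to it is one more type that untrusted YAML in that column can instantiate.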