While not exactly "news", I agree with your conclusion. Psych should have printed deprecation warnings some months before making this change. I must have fixed this in over a hundred places since January. Good blog and thanks!
Comments on Ruby 3.1’s incompatible changes to its YAML module (Psych 4)
It seems that the "Psych::DisallowedClass" error message still uses a black color even when the preferred `color-scheme` is dark, resulting in the message being unreadable unless selected when reading in dark mode. Just a note about a possible CSS misconfiguration. Still, great article with useful advice!
A deprecation error message calling attention to the fact that something is unsafe against malicious payloads is not necessarily great, either. If that stderr is redirected somewhere visible to a would-be attacker, that could be an open invitation.
I don’t see that as a big problem, fastryan. It wouldn’t reveal any more information to attackers than what is already public, and it would encourage developers to update their code to be more secure.