

Yaml.rb patch to block the rails exploit and most similar classes of exploits - nelhage
https://gist.github.com/4507129

======
cdcarter
Correct me if I am wrong, but this solves the YAML half of the exploit but not
the XML part, right? This is not a complete patch against the exploits?

~~~
dandandan
Not all of them, but this prevents most of the YAML strings from being
serialized into Ruby objects by way of a 'safe' whitelist.
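
An added example, not part of the thread and not the code from the linked gist: a sketch of allowlist-based YAML loading that inspects the tags in the parse tree and refuses any document carrying a tag outside the list, before anything is instantiated. The allowlist, the `explicit_tags` and `load_allowlisted` helpers, and both sample documents are constructed for illustration.

```ruby
require 'psych'

# Constructed allowlist: plain YAML core types only, no !ruby/* tags.
ALLOWED_TAGS = %w[
  tag:yaml.org,2002:str
  tag:yaml.org,2002:int
  tag:yaml.org,2002:float
  tag:yaml.org,2002:bool
  tag:yaml.org,2002:null
  tag:yaml.org,2002:seq
  tag:yaml.org,2002:map
].freeze

class DisallowedTag < StandardError; end

# Constructed sample inputs.
PLAIN_DOC  = "name: widget\ncount: 3\nid: !!str 42\n"
TAGGED_DOC = "--- !ruby/object:Example::Gadget\nfield: value\n"

# Collect every explicit tag in the stream. Psych.parse_stream only builds
# the node tree; no Ruby object named by a tag is created at this point.
def explicit_tags(yaml)
  Psych.parse_stream(yaml)
       .map { |node| node.tag if node.respond_to?(:tag) }
       .compact
       .uniq
end

# Reject the whole document if any tag is off the allowlist, then load
# what remains with Psych's own restricted loader.
def load_allowlisted(yaml)
  rejected = explicit_tags(yaml) - ALLOWED_TAGS
  unless rejected.empty?
    raise DisallowedTag, "tags not on allowlist: #{rejected.join(', ')}"
  end
  Psych.safe_load(yaml)
end
```

Untagged scalars and collections carry no tag in the tree, so ordinary data passes the check unchanged; only documents that explicitly name a type are compared against the list.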

