20300: Call safe_load explicitly instead of using safe_yaml gem.

[arvados.git] / services / api / lib / serializers.rb

diff --git a/services/api/lib/serializers.rb b/services/api/lib/serializers.rb
index 37734e0bb41dce88500b143fab0a71102b1b8b33..c25b9060b4100871e2ec832e318120829db9ef4e 100644 (file)
--- a/services/api/lib/serializers.rb
+++ b/services/api/lib/serializers.rb
@@ -16,7 +16,7 @@ class Serializer
   end
 
   def self.legacy_load(s)
-    val = Psych.safe_load(s)
+    val = Psych.safe_load(s, permitted_classes: [Time])
     if val.is_a? String
       # If apiserver was downgraded to a YAML-only version after
       # storing JSON in the database, the old code would have loaded