Remove object from the available list of FLUENT_OJ_OPTION_MODE

There is less benefit by this option in actual, and it will instroduce serious security risk since it can execute arbitrary Ruby code. We remove it since keeping it secure is difficult. Signed-off-by: Takuro Ashie <[email protected]>
fluent · Oct 27, 2022 · efe8a68 · efe8a68
1 parent d005002
commit efe8a68
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/fluent/oj_options.rb b/lib/fluent/oj_options.rb
@@ -11,7 +11,7 @@ class OjOptions
 
     ALLOWED_VALUES = {
       'bigdecimal_load': %i[bigdecimal float auto],
-      'mode': %i[strict null compat json rails object custom]
+      'mode': %i[strict null compat json rails custom]
     }
 
     DEFAULTS = {