Merge pull request #242 from portagenetwork/BEcoME_Download_Error

fix issue240 and upgrade to ruby 2.7.6

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## [3.0.4+portage-3.0.15] - 2022-11-04
+
+### Changed
+
+- Upgrade ruby 2.6.9 to 2.7.6 due to a bug fix of ruby for XCode 14 (https://bugs.ruby-lang.org/issues/18912) was only pushed to ruby >=2.7
+
+- Updated Docker.production file to fix a rake issue when pushing to docker
+
+### Fixed
+
+- Fixed the bug that some users saw 'Tried to Load Specific Class: Symbol' error message when moving to Download tab [#240](https://github.com/portagenetwork/roadmap/issues/240)
+
 ## [3.0.4+portage-3.0.14] - 2022-08-26
 
 ### Added

Dockerfile.production

@@ -1,4 +1,4 @@
-FROM ruby:2.6.6
+FROM ruby:2.7.6
 
 # Setup bundle to install gems to volume
 ENV BUNDLE_PATH=/bundle/ \
@@ -43,6 +43,10 @@ RUN RAILS_ENV=production bundle install --jobs=3 --retry=3
 
 COPY . $INSTALL_PATH
 RUN NODE_ENV=production yarn install --prod --check-files
+RUN bundle config set force_ruby_platform true
+
+# /bundle/ruby/2.7.0/bin/rake error: Could not find nokogiri-1.13.6, mini_portile2-2.5.3 in locally installed gems (Bundler::GemNotFound)
+RUN bundle update rake 
 RUN DATABASE_URL=nulldb://user:test@127.0.0.1/roadmap RAILS_ENV=production SECRET_KEY_BASE=change_me DEVISE_SECRET_KEY=pickasecuretoken bundle exec rake assets:precompile
 
 EXPOSE 3000

config/application.rb

@@ -30,6 +30,10 @@ class Application < Rails::Application
 
     config.autoload_paths += %W[#{config.root}/lib]
 
+    # CVE-2022-32224: add some compatibility with YAML.safe_load
+    # Rails 5,6,7 are using YAML.safe_load as the default YAML deserializer
+    config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess, Symbol, Date, Time]
+
     # HTML tags that are allowed to pass through `sanitize`.
     config.action_view.sanitized_allowed_tags = %w[
       p br strong em a table thead tbody tr td th tfoot caption ul ol li