Merge rubygems-2.6.14 changes.

It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60149 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-10-10 08:58:22 +0000
committer: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-10-10 08:58:22 +0000
commit: 500f15e5079026f3da993b404f7474aa3c69cc0a ()
tree: 5d03277ea27cf1be4b4616482693be01fdf6f0e4 /lib/rubygems/config_file.rb
parent: 6d86ee593a78221bfadd99fd9edf41eb5a985cc7 (diff)
1 files changed, 1 insertions, 1 deletions
@@ -354,7 +354,7 @@ if you believe they were disclosed to a third party.
 return {} unless filename and File.exist? filename
 begin
- content = YAML.load(File.read(filename))
 unless content.kind_of? Hash
 warn "Failed to load #{filename} because it doesn't contain valid YAML hash"
 return {}
author	hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-10-10 08:58:22 +0000
committer	hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-10-10 08:58:22 +0000
commit	500f15e5079026f3da993b404f7474aa3c69cc0a ()
tree	5d03277ea27cf1be4b4616482693be01fdf6f0e4 /lib/rubygems/config_file.rb
parent	6d86ee593a78221bfadd99fd9edf41eb5a985cc7 (diff)