Drop soft enforcement of restricted YAML deserialization classes
What does this MR do and why?
!92400 (merged) upgraded Rails to v6.1.6.1 and monkey-patched Rails to allow soft enforcement of deserializing classes with YAML. Now that we have run for two weeks without any more classes showing up in the production logs, we should be able to drop this soft enforcement now and actively prevent a potential CVE.
Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/367742
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Stan Hu
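The difference between soft and hard enforcement of a YAML class allowlist, as an added example that is not GitLab's monkey patch or code from this MR. It uses Ruby's Psych directly; the `Widget` class, the `PERMITTED` list, the helper names and the sample payload are constructed for illustration.

```ruby
require "yaml"
require "logger"
require "stringio"

# Hypothetical application class standing in for a type found in stored YAML.
class Widget
  attr_reader :name
end

PERMITTED = [Symbol].freeze                       # constructed allowlist
SAMPLE = "--- !ruby/object:Widget\nname: gear\n"  # constructed payload

# Psych reports the rejected class only in the exception message.
def disallowed_class_name(error)
  error.message[/unspecified class: (.+)\z/, 1]
end

# Soft enforcement: try the allowlist first; on a miss, log the class name
# and fall back to unrestricted loading so production keeps working while
# the allowlist is being completed from the logs.
def load_soft(yaml, permitted, logger)
  Psych.safe_load(yaml, permitted_classes: permitted)
rescue Psych::DisallowedClass => e
  logger.warn("YAML class not in allowlist: #{disallowed_class_name(e)}")
  Psych.respond_to?(:unsafe_load) ? Psych.unsafe_load(yaml) : Psych.load(yaml)
end

# Hard enforcement: no fallback, so an unlisted class raises
# Psych::DisallowedClass and the object is never instantiated.
def load_strict(yaml, permitted)
  Psych.safe_load(yaml, permitted_classes: permitted)
end

if __FILE__ == $PROGRAM_NAME
  sink = StringIO.new
  obj = load_soft(SAMPLE, PERMITTED, Logger.new(sink))
  puts "soft:   loaded #{obj.class}, log: #{sink.string.strip}"
  begin
    load_strict(SAMPLE, PERMITTED)
  rescue Psych::DisallowedClass => e
    puts "strict: rejected (#{e.message})"
  end
end
```

Dropping soft enforcement corresponds to replacing `load_soft` with `load_strict` once the warning stops appearing in the logs.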