Merge pull request ManageIQ#22852 from jrafanie/move_initializer_to_c…

…onfig_option Use config option in 6.1.7+ instead of an initializer
agrare · Jan 24, 2024 · b039573 · b039573
2 parents 3198a53 + b09e1f9
commit b039573
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/config/application.rb b/config/application.rb
@@ -89,6 +89,14 @@ class Application < Rails::Application
     config.action_cable.allow_same_origin_as_host = true
     config.action_cable.mount_path = '/ws/notifications'
 
+    # Rails 6.1.7+ has a protection to not lookup values by a large number.
+    # A lookup/comparison with a large number (bigger than bigint)
+    # needs to cast the db column to a double/numeric.
+    # and that casting skips the index and forces a table scan
+    #
+    # https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
+    config.active_record.raise_int_wider_than_64bit = false
+
     # Use yaml_unsafe_load for column serialization to handle Symbols
     config.active_record.use_yaml_unsafe_load = true
 

diff --git a/config/initializers/postgres_bigints.rb b/config/initializers/postgres_bigints.rb