From 7a398adc2f7c9a912c542d19169b73aed4a544d0 Mon Sep 17 00:00:00 2001 From: Andrea Brancaleoni Date: Mon, 11 Mar 2024 08:26:14 +0100 Subject: [PATCH] [DOC] security.rdoc: fix YAML security documentation Since https://github.com/ruby/ruby/commit/fbb4e3f96c10de2240f2d87eac19cf6f62f65fea `YAML` does not unmarshal arbitrary ruby objects. --- doc/security.rdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/security.rdoc b/doc/security.rdoc index ae20ed30fa..e428036cf5 100644 --- a/doc/security.rdoc +++ b/doc/security.rdoc @@ -37,7 +37,7 @@ programs for configuration and database persistence of Ruby object trees. Similar to +Marshal+, it is able to deserialize into arbitrary Ruby classes. For example, the following YAML data will create an +ERB+ object when -deserialized: +deserialized, using the `unsafe_load` method: !ruby/object:ERB src: puts `uname`
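Review bot: The added line "+deserialized, using the `unsafe_load` method:" marks up the method name with Markdown backticks, while the rest of this rdoc paragraph uses the +Marshal+ and +ERB+ form; write it as +unsafe_load+ so it renders as code. The unchanged context line "Similar to +Marshal+, it is able to deserialize into arbitrary Ruby classes." is also left unqualified. Since the commit message says YAML no longer unmarshals arbitrary Ruby objects, that sentence should be reworded in the same change to say this applies only when +unsafe_load+ is used. Otherwise the paragraph still reads as a description of the default load behaviour.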