Description
Context:
I recently updated an app to Rails 5.2.8.1 and am encountering an issue regarding the serialization of HashWithIndifferentAccess via the Impressionist gem.
The new rails upgrade added a security fix that prevents potential SQL injections via the serialization of columns: https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
Issue:
The impressionist gem serializes HashWithIndifferentAccess here - line 28 in /app/controllers/impressionist_controller.rb (this is where the error occurs)
Specifically, calling obj.impressions.create() serializes the params hash in associative_create_statement. I was unable to determine where in this method the serialization is happening (it is abstracted away somewhere). I'm hoping that this information might give the Impressionist team some insight as to where exactly this serialization might be happening, and create a fix for it so that we may continue to use the gem.
Temporary solution
Until then, I have to add the following to my application.rb file to prevent the error from occurring:
config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess]
This will allow the serialization to occur, but also means that the application is vulnerable to SQL injections according to the documentation I have linked above.
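The mechanism behind the error and the difference between the two ways out (widening yaml_column_permitted_classes versus handing a plain Hash to the serialized column), as an added example that is not code from the issue, the Impressionist gem or Rails. It uses Psych directly so it runs without Rails, and IndifferentHash is a constructed stand-in for ActiveSupport::HashWithIndifferentAccess (any Hash subclass is serialized with the same kind of class tag).

```ruby
require "yaml"

# Constructed stand-in for ActiveSupport::HashWithIndifferentAccess: a Hash subclass.
# ActiveSupport is deliberately not loaded so this example runs offline.
class IndifferentHash < Hash; end

# Constructed request params, in the shape Impressionist stores.
def sample_params
  h = IndifferentHash.new
  h["controller"] = "posts"
  h["id"] = "42"
  h
end

# Psych tags a Hash subclass as "!ruby/hash:ClassName" instead of a plain mapping.
# That tag is what the post-CVE-2022-32224 allow-list check looks at.
def yaml_tag_for(value)
  YAML.dump(value).lines.first.strip
end

# Mirrors what the patched ActiveRecord YAML coder does: safe_load restricted to the
# classes in yaml_column_permitted_classes. A tagged class that is not listed raises
# Psych::DisallowedClass, which is the failure in the report above.
def load_serialized_column(payload, permitted_classes: [])
  YAML.safe_load(payload, permitted_classes: permitted_classes, aliases: true)
rescue Psych::DisallowedClass => e
  { error: e.class.name }
end

def round_trip(value, permitted_classes: [])
  load_serialized_column(YAML.dump(value), permitted_classes: permitted_classes)
end

# Mitigation that does not widen the allow-list: convert to a plain Hash with string
# keys before the value reaches the serialized column. The resulting YAML carries no
# class tag, so the default safe_load accepts it. (In ActiveSupport,
# HashWithIndifferentAccess#to_hash performs this conversion.)
def to_plain_hash(value)
  value.each_with_object({}) do |(k, v), acc|
    acc[k.to_s] = v.is_a?(Hash) ? to_plain_hash(v) : v
  end
end
```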