Rails 3.2.11 is OK. I upgraded a website to it and did nothing else and when I try the curl command ( curl -i -H "Content-Type: application/xml" -X POST -d '<id type="yaml">--- !ruby/object:ActionController::Base bar: 1</id>' http://example.com/ ) I see something like this in the production log:
Hash::DisallowedType (Disallowed type attribute: "yaml"):
activesupport (3.2.11) lib/active_support/core_ext/hash/conversions.rb:112:in `typecast_xml_value'
If you're running a very old version of rails, it might not be that easy to update to the latest rails version. In that case, just stick this in your config/environment.rb
