PHP fastcgi logging with woo-commerce / WordPress

We have a synchronisation script running with the REST API from WooCommerce. This script is running for years. But suddenly it received gateway errrors

In the /var/log/nginx/error.log, the following error messages appeared

2022/08/03 22:41:19 [error] 1233#33321: *323108 upstream sent too big header while reading response header from upstream, client: 10.0.0.1, server: www.example.com, request: "POST /wp-json/wc/v3/products/1234/variations/batch HTTP/1.1", upstream: "fastcgi://unix:/tmp/example.com.sock:", host: "www.example.com"

It seems PHP is sending debug information over the FASTCGI headers.
This isn't desirable.

To fix it, disable it in php.ini. (it's on by default. WHY!?)

fastcgi.logging = 0

Btw. these errors/warnings are from low quality wordpress-plugins. (which cannot be replaced directly)

Security Update Rails (CVE-2022-32224)

Updating rails with the secrurity update CVE-2022-32224, "Possible RCE escalation bug with Serialized Columns in Active Record".
can cause troubles in rails projects. (I had several project that has issues with this fix).
https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

The main change is that the YAML loader is using safe_load to parse the string. Most classes aren't supported anymore.
Several essential classes have been removed.

To support my Spree Commerce rails projects, I've had to add the following initializer.

ActiveRecord::Base.yaml_column_permitted_classes += [BigDecimal, Symbol]

Other projects requried the HasWithIndifferentAccess

ActiveRecord::Base.yaml_column_permitted_classes += [ ActiveSupport::HashWithIndifferentAccess]

Please try to keep the number of supported classes.
I personally prefer to use JSON for new projects. Because it's simple and clean.