@adob reported an issue that could have allowed an attacker to instantiate arbitrary Ruby objects on the servers used to generate GitHub Pages sites. GitHub Pages had recently upgraded to a newer version of Jekyll that disabled safe_yaml support for monkey patching YAML#load to be secure by default. An attacker could commit a malicious _config.yml file to their Pages repository that would cause an arbitrary object to be deserialized, possibly leading to remote code execution on the server. We addressed the vulnerability by explicitly enabling the safe_yaml gem for all of GitHub Pages.