diff --git a/typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php b/typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php
index e1869013497f339300e688af049157919a35cb0e..355d72fafb6af68885d154d0d9dc4b7eb90f7073 100644
--- a/typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php
+++ b/typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php
@@ -107,7 +107,7 @@ class MvcPropertyMappingConfigurationService implements \TYPO3\CMS\Core\Singleto
 */
 protected function serializeAndHashFormFieldArray(array $formFieldArray)
 {
- $serializedFormFieldArray = serialize($formFieldArray);
+ $serializedFormFieldArray = json_encode($formFieldArray);
 return $this->hashService->appendHmac($serializedFormFieldArray);
 }
@@ -126,7 +126,7 @@ class MvcPropertyMappingConfigurationService implements \TYPO3\CMS\Core\Singleto
 }
 $serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);
- $trustedProperties = unserialize($serializedTrustedProperties);
+ $trustedProperties = json_decode($serializedTrustedProperties, true);
 foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
 if (!$controllerArguments->hasArgument($propertyName)) {
 continue;
diff --git a/typo3/sysext/extbase/Classes/Mvc/Web/Request.php b/typo3/sysext/extbase/Classes/Mvc/Web/Request.php
index 2f1d0572a1023c00c4a3d29e12e7c3c7063f18fd..a8fafa354566ca5200128fc4324e9b7dad25932f 100644
--- a/typo3/sysext/extbase/Classes/Mvc/Web/Request.php
+++ b/typo3/sysext/extbase/Classes/Mvc/Web/Request.php
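Review bot: `json_encode($formFieldArray)` can return `false` (for instance when a field name is not valid UTF-8), and the new line in serializeAndHashFormFieldArray() hands that result straight to `appendHmac()`; `serialize()` had no such failure mode. Check the result before signing, e.g. `if ($serializedFormFieldArray === false) { throw new \InvalidArgumentException('Form field array could not be JSON-encoded'); }`. The same unchecked call appears as `json_encode($actionRequest)` in the FormViewHelper.php hunk. How `appendHmac()` reacts to a non-string is not visible here, and the docblock above this method starts outside the hunk, so it may still describe PHP serialization.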
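Review bot: `json_decode()` returns `null` for any input that is not valid JSON, and `$trustedProperties` is passed to `foreach` with no type check. A token issued by the previous code is a PHP-serialized string whose HMAC still validates, so forms rendered before this change was deployed reach the loop with `null`. Fail closed before the loop, e.g. `if (!is_array($trustedProperties)) { throw new \InvalidArgumentException('Trusted properties token is not valid JSON'); }`, so that no property is enabled for mapping from an undecodable token. `$referrerArray` in the Request.php hunk has the same gap; both functions continue outside their hunks, so how the decoded value is used afterwards cannot be confirmed from here.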
@@ -187,12 +187,8 @@ class Request extends \TYPO3\CMS\Extbase\Mvc\Request
 public function getReferringRequest()
 {
 if (isset($this->internalArguments['__referrer']['@request'])) {
- $referrerArray = unserialize($this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['@request']));
+ $referrerArray = json_decode($this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['@request']), true);
 $arguments = [];
- if (isset($this->internalArguments['__referrer']['arguments'])) {
- // This case is kept for compatibility in 7.6 and 6.2, but will be removed in 8
- $arguments = unserialize(base64_decode($this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['arguments'])));
- }
 // todo: Creating a referring request object here with a new statement is strange.
 // todo: As request objects have inject methods and are still meant to be created via object manager,
 // todo: this creates a partly non functional object. This is ok here as only the arguments matter, but
diff --git a/typo3/sysext/extbase/Tests/Functional/Mvc/Validation/ActionControllerValidationTest.php b/typo3/sysext/extbase/Tests/Functional/Mvc/Validation/ActionControllerValidationTest.php
index 87ab33f927679c6594a6f7a70c0410317cc094cf..4e13c73a15250694b4fc693bafdb2d234118afb3 100644
--- a/typo3/sysext/extbase/Tests/Functional/Mvc/Validation/ActionControllerValidationTest.php
+++ b/typo3/sysext/extbase/Tests/Functional/Mvc/Validation/ActionControllerValidationTest.php
@@ -80,7 +80,7 @@ class ActionControllerValidationTest extends FunctionalTestCase
 $referrerRequest['@action'] = 'testForm';
 $request->setArgument(
 '__referrer',
- ['@request' => $this->getHashService()->appendHmac(serialize($referrerRequest))]
+ ['@request' => $this->getHashService()->appendHmac(json_encode($referrerRequest))]
 );
 while (!$request->isDispatched()) {
@@ -143,7 +143,7 @@ class ActionControllerValidationTest extends FunctionalTestCase
 $referrerRequest['@action'] = 'testForm';
 $request->setArgument(
 '__referrer',
- ['@request' => $this->getHashService()->appendHmac(serialize($referrerRequest))]
+ ['@request' => $this->getHashService()->appendHmac(json_encode($referrerRequest))]
 );
 while (!$request->isDispatched()) {
diff --git a/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php b/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php
index 3c70fe64a199966044f0f5d8b453ea6178772cab..a705b1100ed882d9227a3db384f0c3a475dddf75 100644
--- a/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php
+++ b/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php
@@ -159,14 +159,14 @@ class MvcPropertyMappingConfigurationServiceTest extends UnitTestCase
 $hashService = $this->getMockBuilder($this->buildAccessibleProxy(\TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::class))
 ->setMethods(['appendHmac'])
 ->getMock();
- $hashService->expects($this->once())->method('appendHmac')->with(serialize($formFieldArray))->will($this->returnValue(serialize($formFieldArray) . $mockHash));
+ $hashService->expects($this->once())->method('appendHmac')->with(json_encode($formFieldArray))->will($this->returnValue(json_encode($formFieldArray) . $mockHash));
 $requestHashService = $this->getMockBuilder($this->buildAccessibleProxy(\TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::class))
 ->setMethods(['dummy'])
 ->getMock();
 $requestHashService->_set('hashService', $hashService);
- $expected = serialize($formFieldArray) . $mockHash;
+ $expected = json_encode($formFieldArray) . $mockHash;
 $actual = $requestHashService->_call('serializeAndHashFormFieldArray', $formFieldArray);
 $this->assertEquals($expected, $actual);
 }
@@ -302,7 +302,7 @@ class MvcPropertyMappingConfigurationServiceTest extends UnitTestCase
 $mockHashService = $this->getMockBuilder(\TYPO3\CMS\Extbase\Security\Cryptography\HashService::class)
 ->setMethods(['validateAndStripHmac'])
 ->getMock();
- $mockHashService->expects($this->once())->method('validateAndStripHmac')->with('fooTrustedProperties')->will($this->returnValue(serialize($trustedProperties)));
+ $mockHashService->expects($this->once())->method('validateAndStripHmac')->with('fooTrustedProperties')->will($this->returnValue(json_encode($trustedProperties)));
 $requestHashService = $this->getAccessibleMock(\TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::class, ['dummy']);
 $requestHashService->_set('hashService', $mockHashService);
diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
index 937c3ba31f51558b11aea3153b163e2c535131a6..57c0e0cf34a8b33348202bb7b8b48dbbdbc8b8aa 100644
--- a/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
+++ b/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
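Review bot: The mock in this test only ever returns well-formed JSON, so nothing pins what happens when the HMAC validates but the payload does not decode to an array. A second case that returns a legacy payload, `->will($this->returnValue(serialize($trustedProperties)))`, and asserts that no property gets enabled for mapping (or that the expected exception is raised) would keep that failure path from regressing. The test method starts and ends outside the hunk.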
@@ -268,8 +268,7 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
 $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@extension]') . '" value="' . $extensionName . '" />' . LF;
 $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@controller]') . '" value="' . $controllerName . '" />' . LF;
 $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@action]') . '" value="' . $actionName . '" />' . LF;
- $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[arguments]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(base64_encode(serialize($request->getArguments())))) . '" />' . LF;
- $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@request]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(serialize($actionRequest))) . '" />' . LF;
+ $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@request]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(json_encode($actionRequest))) . '" />' . LF;
 return $result;
 }
diff --git a/typo3/sysext/fluid/Tests/Unit/ViewHelpers/FormViewHelperTest.php b/typo3/sysext/fluid/Tests/Unit/ViewHelpers/FormViewHelperTest.php
index 48b57876057bf6c9de0d19cb9a664a7f8effe05e..1dcc63e400d1e692aa1f43ff4d874059a1ebf7ce 100644
--- a/typo3/sysext/fluid/Tests/Unit/ViewHelpers/FormViewHelperTest.php
+++ b/typo3/sysext/fluid/Tests/Unit/ViewHelpers/FormViewHelperTest.php
@@ -258,7 +258,6 @@ class FormViewHelperTest extends ViewHelperBaseTestcase
 $expectedResult = \chr(10) . '<input type="hidden" name="__referrer[@extension]" value="extensionName" />'
 . \chr(10) . '<input type="hidden" name="__referrer[@controller]" value="controllerName" />'
 . \chr(10) . '<input type="hidden" name="__referrer[@action]" value="controllerActionName" />'
- . \chr(10) . '<input type="hidden" name="__referrer[arguments]" value="" />'
 . \chr(10) . '<input type="hidden" name="__referrer[@request]" value="" />' . \chr(10);
 $viewHelper->_set('tag', $this->tagBuilder);
 $this->assertEquals($expectedResult, $hiddenFields);