[BUGFIX] Relax constraints on serializing objects (5c48857f) · Commits · TYPO3 / TYPO3.CMS

Commit 5c48857f authored 4 years ago by

Oliver Hader Committed by Andreas Fernandez 4 years ago

[BUGFIX] Relax constraints on serializing objects

With security advisory TYPO3-CORE-SA-2020-004 new
`BlockSerializationTrait` has been introduced blocking serialization
and deserialization for a couple of classes (see advisory for details).
Since this caused a couple of side-effects for valid use-cases, the
restriction on serialize() is removed - which is fine from a security
point of view.

Resolves: #91387
Releases: master, 9.5
Change-Id: I9a9d415deab80badc3c1517f2e0c0c3336d3d936
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64486


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

parent 45d2a426

Hide whitespace changes

Inline Side-by-side

Showing with 5 additions and 9 deletions

Please register or to comment