[TASK] Use secure deserialization in extension manager
[Packages/TYPO3.CMS.git] / typo3 / sysext / extensionmanager / Classes / Utility / Parser / AbstractExtensionXmlParser.php
index f9b772e..4e3e325 100644 (file)
@@ -403,7 +403,7 @@ abstract class AbstractExtensionXmlParser extends AbstractXmlParser
     protected function convertDependencies($dependencies)
     {
         $newDependencies = [];
-        $dependenciesArray = unserialize($dependencies);
+        $dependenciesArray = unserialize($dependencies, ['allowed_classes' => false]);
         if (is_array($dependenciesArray)) {
             foreach ($dependenciesArray as $version) {
                 if (!empty($version['kind']) && !empty($version['extensionKey'])) {