[SECURITY] Explicitly deny object deserialization 46/57546/2
authorOliver Hader <oliver@typo3.org>
Thu, 12 Jul 2018 09:32:17 +0000 (11:32 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 12 Jul 2018 09:32:22 +0000 (11:32 +0200)
commit0b0ba0f827f14ac483009c1bfb06a23c37d36a20
treec4e0ac6dd13990e43a5d51666ca9a9b96e08201f
parent844c6f49f776b2b274b563432c676114191362f9
[SECURITY] Explicitly deny object deserialization

Resolves: #85385
Releases: master, 8.7, 7.6
Security-Commit: 6a294ad6b15677b41b90d93ad8690b92048404fe
Security-Bulletin: TYPO3-CORE-SA-2018-002
Change-Id: I710a0b7d6bfdb425380aebe3cbd7f88e73eb6b21
Reviewed-on: https://review.typo3.org/57546
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php
typo3/sysext/rsaauth/Tests/Unit/Backend/CommandLineBackendTest.php