[SECURITY] Explicitly deny object deserialization 60/57560/2
authorOliver Hader <oliver@typo3.org>
Thu, 12 Jul 2018 09:35:49 +0000 (11:35 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 12 Jul 2018 09:35:55 +0000 (11:35 +0200)
commitb6a04a1278e5336eaf0faca3268dbcb843a0ba7a
tree1309b583e357a1c664f99d1ce3236e976cf84bf5
parent421ef424220f16e1078719d49b1b210e78233772
[SECURITY] Explicitly deny object deserialization

Resolves: #85385
Releases: master, 8.7, 7.6
Security-Commit: f4d645d131fabc98cbbdcefcffb951040d2dd246
Security-Bulletin: TYPO3-CORE-SA-2018-002
Change-Id: Ia138f22856c7dd754e373803af799273868c622b
Reviewed-on: https://review.typo3.org/57560
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php
typo3/sysext/rsaauth/Tests/Unit/Backend/CommandLineBackendTest.php