[SECURITY] Explicitly deny object deserialization 42/57542/2
authorOliver Hader <oliver@typo3.org>
Thu, 12 Jul 2018 09:31:33 +0000 (11:31 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 12 Jul 2018 09:31:36 +0000 (11:31 +0200)
commitfa0c6aaf4630733c1370e302ccf5b394ed5daae1
tree542b53efaf987e9ff3bf4ec8116009d73658f398
parentb02279274499f3fe09c7bc58bb0ba46053dd2d2d
[SECURITY] Explicitly deny object deserialization

Resolves: #85385
Releases: master, 8.7, 7.6
Security-Commit: 8cd7fa85f5b60c508aaac3184101008ba2e8df7f
Security-Bulletin: TYPO3-CORE-SA-2018-002
Change-Id: I2494702e67a180fff36173645b8478a12680b870
Reviewed-on: https://review.typo3.org/57542
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php
typo3/sysext/rsaauth/Tests/Unit/Backend/CommandLineBackendTest.php