FEDORA-EPEL-2019-e514dd8ee0

newpackage update in Fedora EPEL 6 for php-brumann-polyfill-unserialize

Status: stable 3 months ago

Backports unserialize options introduced in PHP 7.0 to older PHP versions. This was originally designed as a Proof of Concept for Symfony Issue #21090.

You can use this package in projects that rely on PHP versions older than PHP 7.0. In case you are using PHP 7.0+ the original unserialize() will be used instead.

From the documentation:

Warning: Do not pass untrusted user input to unserialize(). Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this.

This warning holds true even when allowed_classes is used.

Comments 7

This update has been submitted for testing by siwinski.

This update test gating status has been changed to 'waiting'.

This update test gating status has been changed to 'ignored'.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by siwinski.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
newpackage
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 4 months ago
in testing 4 months ago
in stable 3 months ago

Related Bugs 1

00 #1707960 Review Request: php-brumann-polyfill-unserialize - Backports unserialize options introduced in PHP 7.0

Automated Test Results