Task #85466: Use secure deserialization in extension manager - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Task #85466

closed

Use secure deserialization in extension manager

Added by Oliver Hader over 6 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Extension Manager

Target version:

Start date:

2018-07-03

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

7.0

Tags:

Complexity:

Sprint Focus:

Description

In order to harden the deserialization of scalar and array values in extension manager unserialize() calls are hardened further to disallow object reconstitution. The information is retrieved from the TYPO3 extension repository (TER) where according countermeasures are in place to protect object injections - that's why this change is considered as hardening and not as security issue.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Task #85466

Use secure deserialization in extension manager

Updated by Gerrit Code Review over 6 years ago

Updated by Gerrit Code Review over 6 years ago

Updated by Gerrit Code Review over 6 years ago

Updated by Oliver Hader over 6 years ago

Updated by Benni Mack about 6 years ago