Project

General

Profile

Actions

Task #85466

closed

Use secure deserialization in extension manager

Added by Oliver Hader over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Extension Manager
Target version:
-
Start date:
2018-07-03
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
8
PHP Version:
7.0
Tags:
Complexity:
Sprint Focus:

Description

In order to harden the deserialization of scalar and array values in extension manager unserialize() calls are hardened further to disallow object reconstitution. The information is retrieved from the TYPO3 extension repository (TER) where according countermeasures are in place to protect object injections - that's why this change is considered as hardening and not as security issue.

Actions

Also available in: Atom PDF