Project

General

Profile

Actions
Copy link

Bug #91387

closed

Relax constraints on serializing objects

Added by Oliver Hader almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Oliver Hader
Category:
Security
Target version:
9.5.18 & 10.4.3
Start date:
2020-05-13
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

With security advisory https://typo3.org/security/advisory/TYPO3-CORE-SA-2020-004 new BlockSerializationTrait has been introduced blocking serialization and deserialization for a couple of classes (see advisory for details). Since this cause a couple of side-effects for valid use-cases, the restriction on serialize() is removed - which is fine from a security point of view.

Possible use case:
Some system state has to be persisted for documentation purposes, which needs a working serialization. De-serialization is not needed in such cases.
Reported by Gernot Leitgab in https://typo3.slack.com/archives/C0K5MU94J/p1589366052028100

Related issues 4 (2 open2 closed)

Related to TYPO3 Core - Bug #91393: Cachingproblems after recent TYPO3 9.5.17 Closed2020-05-14

Actions
Related to TYPO3 Core - Bug #88613: Replace ObjectStorage & LazyObjectStorage with symfony/collectionNew2019-06-21

Actions
Related to TYPO3 Core - Bug #91404: After update from 9.5.16 to 9.5.17 I get an error 'Cannot serialize'Closed2020-05-14

Actions
Related to TYPO3 Core - Bug #91364: Extbase/CachingFramework - Serialization on 'Closure' is not allowedNew2020-05-12

Actions
Actions
Copy link
 #1

Updated by Oliver Hader almost 4 years ago

  • Is Regression set to Yes
Actions
Copy link
 #2

Updated by Gerrit Code Review almost 4 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64486

Actions
Copy link
 #3

Updated by Gerrit Code Review almost 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64486

Actions
Copy link
 #4

Updated by Gerrit Code Review almost 4 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64486

Actions
Copy link
 #5

Updated by Markus Klein almost 4 years ago

  • Description updated (diff)
Actions
Copy link
 #6

Updated by Benjamin Franzke almost 4 years ago

  • Description updated (diff)
Actions
Copy link
 #7

Updated by Gerrit Code Review almost 4 years ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64370

Actions
Copy link
 #8

Updated by Oliver Hader almost 4 years ago

  • Related to Bug #91393: Cachingproblems after recent TYPO3 9.5.17 added
Actions
Copy link
 #9

Updated by Oliver Hader almost 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #10

Updated by Oliver Hader almost 4 years ago

  • Target version set to 9.5.18 & 10.4.3
Actions
Copy link
 #11

Updated by Oliver Hader almost 4 years ago

  • Related to Bug #88613: Replace ObjectStorage & LazyObjectStorage with symfony/collection added
Actions
Copy link
 #12

Updated by Oliver Hader almost 4 years ago

  • Related to Bug #91404: After update from 9.5.16 to 9.5.17 I get an error 'Cannot serialize' added
Actions
Copy link
 #13

Updated by Oliver Hader almost 4 years ago

  • Related to Bug #91364: Extbase/CachingFramework - Serialization on 'Closure' is not allowed added
Actions
Copy link
 #14

Updated by Benni Mack almost 4 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF