Bug #91387
Updated by Markus Klein almost 4 years ago
With security advisory https://typo3.org/security/advisory/TYPO3-CORE-SA-2020-004 new @BlockSerializationTrait@ has been introduced blocking serialization and deserialization for a couple of classes (see advisory for details). Since this cause a couple of side-effects for valid use-cases, the restriction on @serialize()@ is removed - which is fine from a security point of view.
Possible use case:
Some system state has to be persisted for documentation purposes, which needs a working serialization. De-serialization is not needed in such cases.