php · typo3/cms-coreHeads-up
typo3/cms-core: VariableFrontend and Registry now prevent PHP Object Injection
VariableFrontend and Registry now deserialize PHP payloads with integrity validation and class restrictions, preventing PHP Object Injection.
What changed
VariableFrontend and Registry now deserialize PHP payloads with integrity validation and class restrictions, preventing PHP Object Injection.
Who it affects
Users of TYPO3 versions before 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS.
What to do today
Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS.
The trail
Collected→
Audited→
Written→
Published