--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-f824c7b352
2020-04-20 19:39:39.396724
--------------------------------------------------------------------------------

Name        : php-brumann-polyfill-unserialize
Product     : Fedora EPEL 6
Version     : 1.0.4
Release     : 1.el6
URL         : https://github.com/dbrumann/polyfill-unserialize
Summary     : Backports unserialize options introduced in PHP 7.0
Description :
Backports unserialize options introduced in PHP 7.0 to older PHP versions. This was originally designed as a Proof of Concept for Symfony Issue [#21090](https://github.com/symfony/symfony/pull/21090).
You can use this package in projects that rely on PHP versions older than PHP 7.0. In case you are using PHP 7.0+ the original unserialize() will be used instead.
From the [documentation](https://secure.php.net/manual/en/function.unserialize.php):
Warning: Do not pass untrusted user input to unserialize(). Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this.
This warning holds true even when `allowed_classes` is used.
Autoloader: /usr/share/php/Brumann/Polyfill/autoload.php
--------------------------------------------------------------------------------
Update Information:

## 1.0.4

This release provides minor improvements around type safety and some cleanups.

### Changelog

- Newer PHP versions were added to the build pipeline to make sure no regressions are introduced when upgrading to PHP 7.2 or 7.3
- Adds tests
- Minor changes to `unserialize()` that should not alter the current behavior:
  - Some if-conditions were simplified for better readability
  - When checking for `in_array()` the third argument (strict type check) was added
  - Instead of using `list()` inside the anonymous function `array_shift()` is used. This will make sure the behavior will stay consistent between major versions (not that this matters as with PHP 7 the global `unserialize()` will be used anyway)
  - Type coercion is applied to the extracted variables inside the anonymous function, mainly to clarify `$objectSize` is an integer before adding +1 to it
- A `.gitattributes` file was added to ensure tests are stripped from the final release to make the resulting dist file a teeny tiny bit smaller
- A `composer.lock` was added and removed from .gitignore to adhere to composer best practices
- Cleanups in LICENSE, README and tests

--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 5 2020 Shawn Iwinski shawn@iwin.ski - 1.0.4-1
- Update to 1.0.4 (RHBZ #1742087)
* Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1742087 - php-brumann-polyfill-unserialize-1.0.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1742087

--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-brumann-polyfill-unserialize' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-yum.html

All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org