--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-5c288acec8
2020-04-20 19:49:32.355214
--------------------------------------------------------------------------------
Name : php-brumann-polyfill-unserialize
Product : Fedora EPEL 7
Version : 1.0.4
Release : 1.el7
URL : https://github.com/dbrumann/polyfill-unserialize
Summary : Backports unserialize options introduced in PHP 7.0
Description :
Backports unserialize options introduced in PHP 7.0 to older PHP versions. This
was originally designed as a Proof of Concept for Symfony Issue
[#21090](https://github.com/symfony/symfony/pull/21090).
You can use this package in projects that rely on PHP versions older than PHP
7.0. In case you are using PHP 7.0+ the original unserialize() will be used
instead.
From the
[documentation](https://secure.php.net/manual/en/function.unserialize.php):
Warning: Do not pass untrusted user input to unserialize(). Unserialization
can result in code being loaded and executed due to object instantiation and
autoloading, and a malicious user may be able to exploit this.
This warning holds true even when `allowed_classes` is used.
Autoloader: /usr/share/php/Brumann/Polyfill/autoload.php
--------------------------------------------------------------------------------
Update Information:
## 1.0.4

This release provides minor improvements around type safety and some cleanups.

### Changelog

- Newer PHP versions were added to the build pipeline to make sure no
  regressions are introduced when upgrading to PHP 7.2 or 7.3
- Adds tests
- Minor changes to `unserialize()` that should not alter the current behavior:
    - Some if-conditions were simplified for better readability
    - When checking for `in_array()` the third argument (strict type check)
      was added
    - Instead of using `list()` inside the anonymous function `array_shift()`
      is used. This will make sure the behavior will stay consistent between
      major versions (not that this matters as with PHP 7 the global
      `unserialize()` will be used anyway)
    - Type coercion is applied to the extracted variables inside the anonymous
      function, mainly to clarify `$objectSize` is an integer before adding +1
      to it
- A `.gitattributes` file was added to ensure tests are stripped from the final
  release to make the resulting dist file a teeny tiny bit smaller
- A `composer.lock` was added and removed from .gitignore to adhere to composer
  best practices
- Cleanups in LICENSE, README and tests
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 5 2020 Shawn Iwinski <shawn(a)iwin.ski> - 1.0.4-1
- Update to 1.0.4 (RHBZ #1742087)
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1742087 - php-brumann-polyfill-unserialize-1.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1742087
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-brumann-polyfill-unserialize' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------