This repository has been archived by the owner on Nov 3, 2023. It is now read-only.

2.11.14

leofeyer released this 13 Feb 13:36

· 4706 commits to 3.5 since this release

f939b5b

Fixed

Do not pass POST data to the deserialize() function, so it is not vulnerable to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).

Assets 2