The branch "master" has been updated. The following is a summary of the commits.
from: 8d19f07d87a6320df5de6b293ec05a49502005ff a526249 Address ZDI-20-1051 / ZDI-CAN-10436: Prevent deserializing a class. 5f9aef5 Merge pull request #10 from maintaina-com/fix-upstream-ZDI-20-1051 Summary: https://github.com/horde/imp/compare/8d19f07d87a6...5f9aef5b2d39 ----------------------------------------------------------------------- commit a5262497903617af126fb529ac0bd2770f610b8d Author: Ralf Lang <ralf.l...@ralf-lang.de> Date: Wed, 12 Oct 2022 18:06:43 +0200 Address ZDI-20-1051 / ZDI-CAN-10436: Prevent deserializing a class. Also guard against some other possibly unwanted deserialisations. It is debatable if this constitutes an actual attack vector before the change. However, the change rules out any such possibility. M lib/Prefs/Sort.php https://github.com/horde/imp/commit/a5262497903617af126fb529ac0bd2770f610b8d ----------------------------------------------------------------------- commit 5f9aef5b2d3980f9633bee49c32e7a25864478d1 Author: Michael J Rubinsky <mrubi...@horde.org> Date: Sat, 22 Oct 2022 16:38:54 -0400 Merge pull request #10 from maintaina-com/fix-upstream-ZDI-20-1051 Address ZDI-20-1051 / ZDI-CAN-10436: Prevent deserializing a class. M lib/Prefs/Sort.php https://github.com/horde/imp/commit/5f9aef5b2d3980f9633bee49c32e7a25864478d1 -- commits mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: commits-unsubscr...@lists.horde.org