> > 1. Disallow both serialization and unserialization.
> >
> > This will make the serialization issue very obvious, but will require
> > adjustments to exception handlers that serialize the stack traces.
Hi,

Note that exception handlers that serialise stack traces without taking into account that the operation may fail are already broken as of today, because common unserialisable objects, such as Closure instances (anonymous functions), may appear in stack traces.

https://3v4l.org/tv1s1
https://3v4l.org/PGKnl

Making SensitiveParameterValue fail on serialisation won’t break those handlers, but will make their existing brokenness apparent in more cases (which is a good thing).

—Claude
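An added example, not part of the original message: one way a handler can treat serialisation of a stack trace as an operation that may fail, as the reply describes. The function names `describeArg`, `serializeTrace` and `process` are hypothetical, and the exception is constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Replace every object with a short type description so that nothing
// unserialisable (such as a Closure) is left in the structure.
function describeArg(mixed $value, int $depth = 0): mixed
{
    if (is_object($value)) {
        return '[object ' . get_debug_type($value) . ']';
    }
    if (is_array($value)) {
        return $depth >= 3
            ? '[array]'
            : array_map(fn ($v) => describeArg($v, $depth + 1), $value);
    }
    return $value;
}

// Hypothetical helper: serialise a trace, and on failure serialise a
// sanitised copy instead of letting the handler itself throw.
function serializeTrace(Throwable $e): string
{
    $trace = $e->getTrace();
    try {
        return serialize($trace);
    } catch (Throwable $failure) {
        // Reached when a frame argument refuses serialisation.
        foreach ($trace as $i => $frame) {
            if (isset($frame['args'])) {
                $trace[$i]['args'] = describeArg($frame['args']);
            }
        }
        return serialize($trace);
    }
}

// Constructed sample: a closure is passed as an argument, so it is
// recorded in the trace unless zend.exception_ignore_args is enabled.
function process(callable $callback): void
{
    throw new RuntimeException('boom');
}

try {
    process(function () {});
} catch (RuntimeException $e) {
    $restored = unserialize(serializeTrace($e));
    var_dump($restored[0]['args'] ?? 'args not recorded');
}
```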