XananasX7 d0cce3da70 fix(TaskProcessing): add allowed_classes to unserialize() in Manager cache ... The availableTaskTypes cache stores serialized arrays containing ShapeDescriptor objects, ShapeEnumValue objects, and EShapeType enum values. The unserialize() call did not restrict which classes could be instantiated. Restrict deserialization to the three known types: - OCP\TaskProcessing\ShapeDescriptor - OCP\TaskProcessing\ShapeEnumValue - OCP\TaskProcessing\EShapeType This prevents PHP Object Injection if an attacker gains write access to the distributed cache backend (e.g., a Redis instance without authentication or with weak ACLs), which is a known real-world attack vector in shared hosting and container environments.		2026-06-04 10:34:12 +02:00
..
composer	chore: Remove unused and long deprecated Remote components	2026-06-03 10:36:41 +02:00
l10n	fix(l10n): Update translations from Transifex	2026-06-04 00:23:44 +00:00
private	fix(TaskProcessing): add allowed_classes to unserialize() in Manager cache	2026-06-04 10:34:12 +02:00
public	Merge pull request #60167 from nextcloud/enh/noid/allow-http-progressive-stream-response	2026-06-03 16:24:48 +02:00
unstable	chore: Apply new coding standard to all files	2026-06-01 13:46:39 +02:00
base.php	fix: make sure the core app is loaded	2026-06-02 22:51:05 +02:00
versioncheck.php	ci(PHP): Test against 8.5 on CI	2025-12-19 15:34:34 +01:00