Add NEWS & UPGRADING

diff --git a/NEWS b/NEWS
index af42147e7342e1f3b4041b729bccdcc1ddee4add..50fe518b9b796fdbd2a6b1b0bd19b92b97692dfd 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -17,7 +17,9 @@ PHP                                                                        NEWS
   . Implemented FR #38409 (parse_ini_file() looses the type of booleans). (Tjerk)
   . Fixed #67959 (Segfault when calling phpversion('spl')). (Florian)
   . Implemented the RFC `Catchable "Call to a member function bar() on a
-    non-object"` (Timm)
+    non-object"`. (Timm)
+  . Added options parameter for unserialize allowing to specify acceptable
+    classes (https://wiki.php.net/rfc/secure_unserialize). (Stas)
   . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien)
 
 - DBA:

diff --git a/UPGRADING b/UPGRADING
index 61a512505bf83101f14a6eb89ef099f25d0a7604..fe282138d1096625e764e391058fbae528f45a43 100644 (file)
--- a/UPGRADING
+++ b/UPGRADING
@@ -76,6 +76,11 @@ PHP X.Y UPGRADE NOTES
 - parse_ini_file():
 - parse_ini_string():
   Added scanner mode INI_SCANNER_TYPED to yield typed .ini values.
+- unserialize():
+  Added second parameter for unserialize function 
+  (RFC: https://wiki.php.net/rfc/secure_unserialize) allowing to specify
+  acceptable classes: 
+  unserialize($foo, ["allowed_classes" => ["MyClass", "MyClass2"]);
 
 
 ========================================