Regrettably, in our applications, php serialize() is often used instead of JSON as a serialization format used over wire. Instead of changing default regex for everyone (which could be a security risk in case target endpoint is untrusted), this allows to inject custom regex.
Checklist
[x] Updated CHANGELOG.md to describe BC breaks / deprecations | new feature | bugfix
[ ] Documentation pull request created (if not simply a bugfix)
dbu
commented
3 years ago
Regrettably, in our applications, php serialize() is often used instead of JSON as a serialization format used over wire. Instead of changing default regex for everyone (which could be a security risk in case target endpoint is untrusted), this allows to inject custom regex.
Checklist