From ccfaf3e4713b1878241f1235a6fcb66ad0582d47 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 7 Dec 2022 21:02:22 +0100
Subject: Add unserialize_noclass

---
 doc/source/features.rst | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'doc/source/features.rst')

diff --git a/doc/source/features.rst b/doc/source/features.rst
index 25fd62d..60dbbef 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -166,6 +166,8 @@ CVE-2016-9138 <https://bugs.php.net/bug.php?id=73147>`_, `2016-7124
 <https://bugs.php.net/bug.php?id=72663>`_, `CVE-2016-5771 and CVE-2016-5773
 <https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/>`_.
 
+A less subtle mitigation can be used to simply prevent the deserialization of objects altogether.
+
 
 Examples of related vulnerabilities
 """""""""""""""""""""""""""""""""""
-- 
cgit v1.3