Security update for Core, with self-updated composer

[yaffs-website] / web / core / lib / Drupal / Component / Serialization / YamlPecl.php

diff --git a/web/core/lib/Drupal/Component/Serialization/YamlPecl.php b/web/core/lib/Drupal/Component/Serialization/YamlPecl.php
index 3a8bb898e4c57fe0b66faa2e7c4fb18730a051e8..a01f980fd78fc212d856ed769bc986e5dd45adef 100644 (file)
--- a/web/core/lib/Drupal/Component/Serialization/YamlPecl.php
+++ b/web/core/lib/Drupal/Component/Serialization/YamlPecl.php
@@ -29,6 +29,9 @@ class YamlPecl implements SerializationInterface {
   public static function decode($raw) {
     static $init;
     if (!isset($init)) {
+      // Decode binary, since Symfony YAML parser encodes binary from 3.1
+      // onwards.
+      ini_set('yaml.decode_binary', 1);
       // We never want to unserialize !php/object.
       ini_set('yaml.decode_php', 0);
       $init = TRUE;