Hyperion v0.12.1

0.12.1 March 23 2022

• Fix disallow-unsafe-type Akka.NET settings and harden unsafe type detection 301
• Bump Akka version from 1.4.34 to 1.4.35

0.12.0 January 12 2022

• Allow explicit control over which types can be deserialized #281

We've expanded our deserialization safety check to block dangerous types from being deserialized; we recommend this method as a best practice to prevent deserialization of untrusted data. You can now create a custom deserialize layer type filter programmatically:

var typeFilter = TypeFilterBuilder.Create()
    .Include<AllowedClassA>()
    .Include<AllowedClassB>()
    .Build();
var options = SerializerOptions.Default
    .WithTypeFilter(typeFilter);
var serializer = new Serializer(options);

For complete documentation, please read the readme on filtering types for secure deserialization.

0.11.2 October 7 2021

• Fix exception thrown during deserialization when preserve object reference was turned on
  and a surrogate instance was inserted into a collection multiple times. #264
• Add support for AggregateException serialization. #266

0.11.1 August 17 2021

• Add unsafe deserialization type blacklist
• Bump Akka version from 1.4.21 to 1.4.23

We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes flag inside SerializerOptions (defaults to true).

The unsafe types that are currently blocked are:

• System.Security.Claims.ClaimsIdentity
• System.Windows.Forms.AxHost.State
• System.Windows.Data.ObjectDataProvider
• System.Management.Automation.PSObject
• System.Web.Security.RolePrincipal
• System.IdentityModel.Tokens.SessionSecurityToken
• SessionViewStateHistoryItem
• TextFormattingRunProperties
• ToolboxItemContainer
• System.Security.Principal.WindowsClaimsIdentity
• System.Security.Principal.WindowsIdentity
• System.Security.Principal.WindowsPrincipal
• System.CodeDom.Compiler.TempFileCollection
• System.IO.FileSystemInfo
• System.Activities.Presentation.WorkflowDesigner
• System.Windows.ResourceDictionary
• System.Windows.Forms.BindingSource
• Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider
• System.Diagnostics.Process
• System.Management.IWbemClassObjectFreeThreaded

0.11.0 July 8 2021

• Fix array of user defined structs serialization failure
• Remove dynamic keyword usage from array serializer
• Change field ordering to ordinal

Possible breaking changes

The change to the object serializer field ordering might cause a deserialization failure of persisted objects
that are serialized using the Hyperion serializer.

Please report any serialization problem that occurs after an upgrade to this version at the
issue tracker

0.10.2 June 30 2021

• Update Akka version to 1.4.21
• Add exception rethrow to help with debugging

0.10.1 April 20 2021

• Fix SerializerOptions constructor backward compatibility issue with Akka.NET

Changes:

• 28d3c58 Version 0.12.1 release (#302)
• af18916 Bump Microsoft.NET.Test.Sdk from 17.0.0 to 17.1.0 (#297)
• be6f95a Bump AkkaVersion from 1.4.34 to 1.4.35 (#300)
• 82f3347 Fix disallow-unsafe-type Akka.NET settings and harden unsafe type detection (#301)
• 6486308 Bump FluentAssertions from 6.3.0 to 6.5.1 (#295)
• 15e2fd9 Bump ApprovalTests from 5.7.1 to 5.7.2 (#298)
• a2a9563 Bump AkkaVersion from 1.4.33 to 1.4.34 (#299)
• 2f2dd11 Bump FSharp.Core from 6.0.1 to 6.0.3 (#292)
• 7d4b320 Bump coverlet.collector from 3.1.0 to 3.1.2 (#293)
• 6317c96 Bump AkkaVersion from 1.4.31 to 1.4.33 (#296)

This list of changes was auto generated.