Hyperion v0.12.2

0.12.2 March 31 2022

• Fix deserialization type cache was shared between multiple serializer instances

0.12.1 March 23 2022

• Fix disallow-unsafe-type Akka.NET settings and harden unsafe type detection 301
• Bump Akka version from 1.4.34 to 1.4.35

0.12.0 January 12 2022

• Allow explicit control over which types can be deserialized #281

We've expanded our deserialization safety check to block dangerous types from being deserialized; we recommend this method as a best practice to prevent deserialization of untrusted data. You can now create a custom deserialize layer type filter programmatically:

var typeFilter = TypeFilterBuilder.Create()
    .Include<AllowedClassA>()
    .Include<AllowedClassB>()
    .Build();
var options = SerializerOptions.Default
    .WithTypeFilter(typeFilter);
var serializer = new Serializer(options);

For complete documentation, please read the readme on filtering types for secure deserialization.

0.11.2 October 7 2021

• Fix exception thrown during deserialization when preserve object reference was turned on
  and a surrogate instance was inserted into a collection multiple times. #264
• Add support for AggregateException serialization. #266

0.11.1 August 17 2021

• Add unsafe deserialization type blacklist
• Bump Akka version from 1.4.21 to 1.4.23

We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes flag inside SerializerOptions (defaults to true).

The unsafe types that are currently blocked are:

• System.Security.Claims.ClaimsIdentity
• System.Windows.Forms.AxHost.State
• System.Windows.Data.ObjectDataProvider
• System.Management.Automation.PSObject
• System.Web.Security.RolePrincipal
• System.IdentityModel.Tokens.SessionSecurityToken
• SessionViewStateHistoryItem
• TextFormattingRunProperties
• ToolboxItemContainer
• System.Security.Principal.WindowsClaimsIdentity
• System.Security.Principal.WindowsIdentity
• System.Security.Principal.WindowsPrincipal
• System.CodeDom.Compiler.TempFileCollection
• System.IO.FileSystemInfo
• System.Activities.Presentation.WorkflowDesigner
• System.Windows.ResourceDictionary
• System.Windows.Forms.BindingSource
• Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider
• System.Diagnostics.Process
• System.Management.IWbemClassObjectFreeThreaded

0.11.0 July 8 2021

• Fix array of user defined structs serialization failure
• Remove dynamic keyword usage from array serializer
• Change field ordering to ordinal

Possible breaking changes

The change to the object serializer field ordering might cause a deserialization failure of persisted objects
that are serialized using the Hyperion serializer.

Please report any serialization problem that occurs after an upgrade to this version at the
issue tracker

0.10.2 June 30 2021

• Update Akka version to 1.4.21
• Add exception rethrow to help with debugging

0.10.1 April 20 2021

• Fix SerializerOptions constructor backward compatibility issue with Akka.NET

Changes:

• a7aac07 Merge pull request #308 from Arkatufus/master
• ead5056 Merge branch 'dev'
• 2190f14 Update RELEASE_NOTES.md for 0.12.2 release (#307)
• 3886408 Fix type cache cross pollination (#306)
• f310df6 Convert byte array key to type cache from static to instance bound (#305)
• ea7ef0f Version 0.12.0 release
• d26d24c Merge branch 'dev'
• 10a8b03 0.11.2 Release
• 728edc8 Version 0.11.1 Release
• 63cb41e Merge branch 'dev'

See More

• 1f40195 Version 0.11.0 Release
• cbe964e Merge branch 'dev'
• 071c880 Version 0.10.2 release
• 1c7a6d2 Merge branch 'dev'
• 615d9d1 Merge pull request #216 from akkadotnet/dev
• 7b6f992 Merge pull request #211 from akkadotnet/dev
• 255948e Merge pull request #207 from akkadotnet/dev
• 204e3c6 Merge pull request #179 from akkadotnet/dev
• 0f2044d Merge pull request #168 from akkadotnet/dev
• b6a4f25 Merge pull request #164 from akkadotnet/dev
• 457a5e7 Merge pull request #160 from akkadotnet/dev
• 2cf4598 Merge pull request #154 from akkadotnet/dev
• 326f89f Merge pull request #143 from akkadotnet/dev
• d9a9319 Merge pull request #136 from akkadotnet/dev
• b0075b4 Merge pull request #131 from akkadotnet/dev
• 72d6188 Merge pull request #94 from akkadotnet/dev
• 84eb198 Merge pull request #88 from akkadotnet/dev
• cf20153 Merge pull request #74 from akkadotnet/dev
• ff0a22c Fix nuget publish when symbols aren't required to nuget push (#69) (#70)
• d6f8418 Merge pull request #68 from heynickc/master

This list of changes was auto generated.