| InterMix Version | PHP Version | Security Updates |
|---|---|---|
| 2.x | 8.3+ | ✅ |
| 1.x | 8.0 - 8.2 | ❌ |
| < 1.0 | < 8.0 | ❌ |
Please report security vulnerabilities privately.
- Subject:
SECURITY: infocyph/intermix - <short title> - Include:
- affected version
- impact summary
- reproduction steps or PoC
- suggested fix (if available)
Please do not open a public GitHub issue for unpatched vulnerabilities.
ValueSerializer::decode()/ValueSerializer::unserialize()should only process trusted payloads.- For untrusted transport channels, enable payload signing:
use Infocyph\InterMix\Serializer\ValueSerializer;
ValueSerializer::setPayloadSigningKey($_ENV['INTERMIX_SIGNING_KEY']);