From 588029a989401e0f32445174e8bf6242205ed2a7 Mon Sep 17 00:00:00 2001
From: Gina Peter Bnayard <girgias@php.net>
Date: Tue, 20 Aug 2024 16:28:01 +0200
Subject: [PATCH] [skip ci] Update NEWS/UPGRADING for allowed_classes option
 checks

---
 NEWS      | 5 +++++
 UPGRADING | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/NEWS b/NEWS
index 05ba8a9ba93..31c2a4fdda1 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,11 @@ PHP                                                                        NEWS
   . Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb,
     Kamil Tekiela)
 
+- Standard:
+  . The "allowed_classes" option for unserialize() now throws TypeErrors and
+    ValueErrors	if it is not an	array of class names. (Girgias)
+
+
 15 Aug 2024, PHP 8.4.0beta3
 
 - Core:
diff --git a/UPGRADING b/UPGRADING
index d9bc98f9b55..7778dbbde03 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -202,6 +202,8 @@ PHP 8.4 UPGRADE NOTES
     byte long or the empty string. This aligns the behaviour to be identical
     to that of fputcsv() and fgetcsv().
   . php_uname() now throws ValueErrors on invalid inputs.
+  . The "allowed_classes" option for unserialize() now throws TypeErrors and
+    ValueErrors if it is not an array of class names.
 
 - Tidy:
   . Failures in the constructor now throw exceptions rather than emitting