From 8a924774333ff907c27de88ce6cb95caf6d7a4d7 Mon Sep 17 00:00:00 2001 From: Taylor Otwell Date: Wed, 18 Feb 2026 16:50:55 -0600 Subject: [PATCH] prevent serialized classes --- config/cache.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/config/cache.php b/config/cache.php index b32aead2..dd22aa71 100644 --- a/config/cache.php +++ b/config/cache.php @@ -114,4 +114,17 @@ return [ 'prefix' => env('CACHE_PREFIX', Str::slug((string) env('APP_NAME', 'laravel')).'-cache-'), + /* + |-------------------------------------------------------------------------- + | Serializable Classes + |-------------------------------------------------------------------------- + | + | This value determines the classes that can be unserialized from cache + | storage. By default, no PHP classes will get unserialized from the + | cache to prevent gadget chain attacks if your APP_KEY is leaked. + | + */ + + 'serializable_classes' => false, + ];