Unserialize() has been disabled for security reasons


(please specify the website or account you are asking about)

Warning [2] unserialize() has been disabled for security reasons - Line: 112 - File: inc/class_datacache.php PHP 7.3.6 (Linux)”

(please share the FULL error message you see)

recently this was not a problem randomly MyBB is trying to get me to upgrade and when I try and do that it says the above I don’t understand how this has happened.

i want to highlight this site was fine only hours ago and i have made no changes to it.

(other information and details relevant to your question)

Maybe because of this?

Could you try to update it using Softaculous, or reinstall a latest version?

im aware of that can I highlight this sentence from my original post

I think the unserialize() has been deactivated by IFastNet a while ago for security reasons.

IFastNet had made many recent changes in security.

Im still not sure if they disabled it but according to my 10 seconds reseach, that function had a vulnerability.


thanks, @JavesPotato I’m going to leave this MyBB forum to post here for @Admin to look at


somehow the site is now fine thank the web god’s for there help

I need help i have this trouble “unserialize() has been disabled for security reasons”
What I need to do for activate again

I would say if I knew it seemingly just fixed its self for me after about 3 hours of downtime are you using MyBB?

Hi, I’m not using MyBB, I’m using that function with Cakephp 2.9 for my sessions I would like to enabled it again if it’s possible thank’s my dear nodrog 1061 or what I need to do for that trouble.

Sincerely Miriam.

i can’t really help you @Admin is the guy to talk to

Make a new topic so we could help you with your problem, rather than hijacking another topic. @Miceg29

1 Like

Security issues were found in old PHP version, which most websites were using before. Disabling the unserialize function is a mitigation that was applied after this issue came to light. Of course, unserialize is a quite common function, so this is a temporary fix. But servers are being upgraded right now to a new PHP version which doesn’t have this issue.

For the account of @nodrog1061, it has been upgraded to PHP 7.4, so unserialize should be working again.

For the account of @Miceg29, your account is currently using PHP 5.4. This is a very old version of PHP which may have unsolved security problems too. Unless you have a very good reason to use an older PHP version, you should switch to PHP 7.4 as well. And if you do have to use another PHP version, please use the latest version that your website will support.


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.