Implementation of secured unserialize() RFC here: https://wiki.php.net/rfc/secure_unserialize
secured unserialize - try 1, no BC
update for BC-compatible unserialize
What is the current status quo of memory bombs and array key attacks?
Core tests pass on windows and linux. Looks like like there is a green light at least in 5.4 the patch is made upon )
Closing, will move to master.