From b140da9286553dee50a381014ac13ee78472e958 Mon Sep 17 00:00:00 2001
From: Dmitry Dzygin <dmitry.dzygin@orckestra.com>
Date: Tue, 29 Mar 2022 16:08:11 +0200
Subject: [PATCH 1/5] ImageResizer - a backward compatibility fix

---
 .../Core/WebClient/Media/ImageResizer.cs      | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/Composite/Core/WebClient/Media/ImageResizer.cs b/Composite/Core/WebClient/Media/ImageResizer.cs
index 3c5856f84..ffb05a8c8 100644
--- a/Composite/Core/WebClient/Media/ImageResizer.cs
+++ b/Composite/Core/WebClient/Media/ImageResizer.cs
@@ -5,7 +5,6 @@
 using System.Drawing.Imaging;
 using System.IO;
 using System.Linq;
-using System.Security.Cryptography;
 using System.Text;
 using System.Web;
 using System.Web.Caching;
@@ -412,5 +411,25 @@ public static bool TargetMediaTypeSupported(string mediaType)
 
             return ImageFormatProviders.ContainsKey(mediaType);
         }
+
+        /// <exclude />
+        [Obsolete]
+        public class SupportedImageFormats
+        {
+            /// <exclude />
+            public static ImageFormat JPG => ImageFormat.Jpeg;
+
+            /// <exclude />
+            public static ImageFormat PNG => ImageFormat.Png;
+
+            /// <exclude />
+            public static ImageFormat TIFF => ImageFormat.Tiff;
+
+            /// <exclude />
+            public static ImageFormat GIF => ImageFormat.Gif;
+
+            /// <exclude />
+            public static ImageFormat BMP => ImageFormat.Bmp;
+        }
     }
 }

From 26555064dce0eed24b7393a335c1c3ed7a478bd4 Mon Sep 17 00:00:00 2001
From: Dmitry Dzygin <dmitry.dzygin@orckestra.com>
Date: Tue, 13 Sep 2022 13:58:27 +0200
Subject: [PATCH 2/5] CompositeSerializationBinder: performing type check on
 generic type arguments

---
 .../CompositeSerializationBinder.cs           | 25 +++++++++++++------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/Composite/Core/Serialization/CompositeSerializationBinder.cs b/Composite/Core/Serialization/CompositeSerializationBinder.cs
index 987401fc4..0c563974e 100644
--- a/Composite/Core/Serialization/CompositeSerializationBinder.cs
+++ b/Composite/Core/Serialization/CompositeSerializationBinder.cs
@@ -45,19 +45,30 @@ public override Type BindToType(string assemblyName, string typeName)
 
             var type = base.BindToType(assemblyName, typeName);
 
-            if (!TypeIsSupported(assemblyName, typeName, type))
-            {
-                throw new NotSupportedException($"Not supported object type '{typeName}'");
-            }
+            VerityTypeIsSupported(new AssemblyName(assemblyName), typeName, type);
 
             return type;
         }
 
-        private bool TypeIsSupported(string assemblyName, string typeName, Type type)
+        private void VerityTypeIsSupported(AssemblyName assemblyName, string typeFullName, Type type)
         {
-            assemblyName = new AssemblyName(assemblyName).Name;
+            if (!TypeIsSupported(assemblyName, typeFullName, type))
+            {
+                throw new NotSupportedException($"Not supported object type '{typeFullName}'");
+            }
 
-            if (assemblyName == typeof(object).Assembly.GetName().Name /* "mscorlib" */)
+            if (type.IsGenericType)
+            {
+                foreach (var typeArgument in type.GetGenericArguments())
+                {
+                    VerityTypeIsSupported(typeArgument.Assembly.GetName(), typeArgument.FullName, typeArgument);
+                }
+            }
+        }
+
+        private bool TypeIsSupported(AssemblyName assemblyName, string typeName, Type type)
+        {
+            if (assemblyName.Name == typeof(object).Assembly.GetName().Name /* "mscorlib" */)
             {
                 var dotOffset = typeName.LastIndexOf(".", StringComparison.Ordinal);
                 if (dotOffset > 0)

From a68c8387b0acde5bfcb916130cfbb836e0500e76 Mon Sep 17 00:00:00 2001
From: Dmitry Dzygin <dmitry.dzygin@orckestra.com>
Date: Mon, 26 Sep 2022 14:07:06 +0200
Subject: [PATCH 3/5] JSON deserialization settings: limiting MaxDepth to 128

---
 Composite/Core/Serialization/CompositeJsonSerializer.cs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/Composite/Core/Serialization/CompositeJsonSerializer.cs b/Composite/Core/Serialization/CompositeJsonSerializer.cs
index c1f88eebe..9fa8fea2f 100644
--- a/Composite/Core/Serialization/CompositeJsonSerializer.cs
+++ b/Composite/Core/Serialization/CompositeJsonSerializer.cs
@@ -132,7 +132,8 @@ public static T Deserialize<T>(string str)
             var obj = JsonConvert.DeserializeObject<T>(str, new JsonSerializerSettings
             {
                 TypeNameHandling = TypeNameHandling.Auto,
-                Binder = CompositeSerializationBinder.Instance
+                Binder = CompositeSerializationBinder.Instance,
+                MaxDepth = 128
             });
 
             return obj;
@@ -168,7 +169,8 @@ public static T Deserialize<T>(params string[] strs)
             var obj = JsonConvert.DeserializeObject<T>(combinedObj.ToString(), new JsonSerializerSettings
             {
                 TypeNameHandling = TypeNameHandling.Auto,
-                Binder = CompositeSerializationBinder.Instance
+                Binder = CompositeSerializationBinder.Instance,
+                MaxDepth = 128
             });
 
             return obj;
@@ -184,7 +186,8 @@ public static object Deserialize(string str)
             var obj = JsonConvert.DeserializeObject(str, new JsonSerializerSettings
             {
                 TypeNameHandling = TypeNameHandling.Objects,
-                Binder = CompositeSerializationBinder.Instance
+                Binder = CompositeSerializationBinder.Instance,
+                MaxDepth = 128
             });
 
             return obj;

From 07dae80b1646abce552b197fa8c7f5c45074e5a7 Mon Sep 17 00:00:00 2001
From: Dmitry Dzygin <dmitry.dzygin@orckestra.com>
Date: Tue, 27 Sep 2022 11:54:58 +0200
Subject: [PATCH 4/5] Fix #810: DataTypeDescriptor Clone does not clone
 "Cachable"

---
 Composite/Data/DynamicTypes/DataTypeDescriptor.cs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Composite/Data/DynamicTypes/DataTypeDescriptor.cs b/Composite/Data/DynamicTypes/DataTypeDescriptor.cs
index 358f1b9ea..f5c95ce75 100644
--- a/Composite/Data/DynamicTypes/DataTypeDescriptor.cs
+++ b/Composite/Data/DynamicTypes/DataTypeDescriptor.cs
@@ -548,6 +548,7 @@ public DataTypeDescriptor Clone()
                 BuildNewHandlerTypeName = this.BuildNewHandlerTypeName,
                 LabelFieldName = this.LabelFieldName,
                 InternalUrlPrefix = this.InternalUrlPrefix,
+                Cachable = this.Cachable,
                 Searchable = this.Searchable
             };
 

From 2c4c8cf7f3cd0a220fc0f98e10e9ab8722d79907 Mon Sep 17 00:00:00 2001
From: Dmitry Dzygin <dmitry.dzygin@orckestra.com>
Date: Tue, 27 Sep 2022 14:29:06 +0200
Subject: [PATCH 5/5] Updating version number to 6.13

---
 Composite/Properties/SharedAssemblyInfo.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Composite/Properties/SharedAssemblyInfo.cs b/Composite/Properties/SharedAssemblyInfo.cs
index 5e33eda19..d7202a510 100644
--- a/Composite/Properties/SharedAssemblyInfo.cs
+++ b/Composite/Properties/SharedAssemblyInfo.cs
@@ -2,9 +2,9 @@
 
 // General Information about the assemblies Composite and Composite.Workflows  
 #if !InternalBuild
-[assembly: AssemblyTitle("C1 CMS 6.12")]
+[assembly: AssemblyTitle("C1 CMS 6.13")]
 #else
-[assembly: AssemblyTitle("C1 CMS 6.12 (Internal Build)")]
+[assembly: AssemblyTitle("C1 CMS 6.13 (Internal Build)")]
 #endif
 
 [assembly: AssemblyCompany("Orckestra Technologies Inc.")]
@@ -13,4 +13,4 @@
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 
-[assembly: AssemblyVersion("6.12.*")]
+[assembly: AssemblyVersion("6.13.*")]