unserialize is insecure unless allowed classes are limited.

Pravin Gaikwadrequested to merge
issue/schema_metatag-3313577:3313577-unserialize-is-insecure into 8.x-2.x

Closes #3313577

Merge request reports