From 3a01a1171d535a3dde9cbc04bdb025a972e590d2 Mon Sep 17 00:00:00 2001
From: Volker Dusch <volker@tideways-gmbh.com>
Date: Tue, 26 May 2026 23:17:55 +0200
Subject: [PATCH] unserialization: Documented allowed-classes option with enums

---
 language/enumerations.xml               | 5 +++++
 reference/var/functions/unserialize.xml | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/language/enumerations.xml b/language/enumerations.xml
index 997897015312..118ca3286d39 100644
--- a/language/enumerations.xml
+++ b/language/enumerations.xml
@@ -816,6 +816,11 @@ print serialize(Suit::Hearts);
    On deserialization, if an enum and case cannot be found to match a serialized
    value a warning will be issued and &false; returned.</para>
 
+  <para>
+   The <literal>allowed_classes</literal> option of
+   <function>unserialize</function> does not affect enums.
+  </para>
+
   <para>
    If a Pure Enum is serialized to JSON, an error will be thrown. If a Backed Enum
    is serialized to JSON, it will be represented by its scalar value only, in the
diff --git a/reference/var/functions/unserialize.xml b/reference/var/functions/unserialize.xml
index 966e1bcc9a8b..432738d60538 100644
--- a/reference/var/functions/unserialize.xml
+++ b/reference/var/functions/unserialize.xml
@@ -103,6 +103,9 @@
             Omitting this option is the same as defining it as &true;: PHP
             will attempt to instantiate objects of any class.
            </simpara>
+           <simpara>
+            This option does not affect enums.
+           </simpara>
           </entry>
          </row>
          <row>