diff --git a/Classes/Core/Runtime/FormRuntime.php b/Classes/Core/Runtime/FormRuntime.php
index 4aa5377..eb892f5 100644
--- a/Classes/Core/Runtime/FormRuntime.php
+++ b/Classes/Core/Runtime/FormRuntime.php
@@ -99,6 +99,13 @@ class FormRuntime implements RootRenderableInterface, \ArrayAccess
      */
     protected $formState;
 
+    /**
+     * @Flow\InjectConfiguration(path="formState.allowedClasses")
+     * @var array
+     * @internal
+     */
+    protected $allowedClassesInFormState;
+
     /**
      * The current page is the page which will be displayed to the user
      * during rendering.
@@ -181,7 +188,7 @@ protected function initializeFormStateFromRequest()
             $this->formState = new FormState();
         } else {
             $serializedFormState = $this->hashService->validateAndStripHmac($serializedFormStateWithHmac);
-            $this->formState = unserialize(base64_decode($serializedFormState), ['allowed_classes' => [FormState::class, \DateTime::class, \DateTimeImmutable::class]]);
+            $this->formState = unserialize(base64_decode($serializedFormState), ['allowed_classes' => array_filter($this->allowedClassesInFormState)]);
         }
     }
 
diff --git a/Configuration/Settings.yaml b/Configuration/Settings.yaml
index f76073d..409a22f 100644
--- a/Configuration/Settings.yaml
+++ b/Configuration/Settings.yaml
@@ -5,6 +5,11 @@ Neos:
       savePath: '%FLOW_PATH_DATA%Forms/'
     supertypeResolver:
       hiddenProperties: {  }
+    formState:
+      allowedClasses:
+        FormState: Neos\Form\Core\Runtime\FormState
+        DateTime: DateTime
+        DateTimeImmutable: DateTimeImmutable
     presets:
       default:
         title: Default