. Reflection export to string now uses `int` and `bool` instead of `integer`
and `boolean`.
+- SAPI:
+ . Starting with 7.3.24, incoming cookie names are not url-decoded. This was never
+ required by the standard, outgoing cookie names aren't encoded and this leads
+ to security issues (CVE-2020-7070).
+
SPL:
. If an SPL autoloader throws an exception, following autoloaders will not be
executed. Previously all autoloaders were executed and exceptions were