Update UPGRADING

author Stanislav Malyshev <stas@php.net>

Tue, 29 Sep 2020 04:38:58 +0000 (21:38 -0700)

committer Stanislav Malyshev <stas@php.net>

Tue, 29 Sep 2020 04:38:58 +0000 (21:38 -0700)
author Stanislav Malyshev <stas@php.net>
Tue, 29 Sep 2020 04:38:58 +0000 (21:38 -0700)
committer Stanislav Malyshev <stas@php.net>
Tue, 29 Sep 2020 04:38:58 +0000 (21:38 -0700)
diff --git a/UPGRADING b/UPGRADING

index 7944087c4374e0c2f7b3fb304df33c6226c5f67a..2e8d358075f2bde66a6bcc1f0d7c3e25fd7e8943 100644 (file)
--- a/UPGRADING
+++ b/UPGRADING
@@ -151,6 +151,11 @@ Reflection:
    . Reflection export to string now uses `int` and `bool` instead of `integer`
      and `boolean`.
  
+- SAPI:
+  . Starting with 7.3.24, incoming cookie names are not url-decoded. This was never 
+    required by the standard, outgoing cookie names aren't encoded and this leads 
+    to security issues (CVE-2020-7070).
+
  SPL:
    . If an SPL autoloader throws an exception, following autoloaders will not be
      executed. Previously all autoloaders were executed and exceptions were
author	Stanislav Malyshev <stas@php.net>
	Tue, 29 Sep 2020 04:38:58 +0000 (21:38 -0700)
committer	Stanislav Malyshev <stas@php.net>
	Tue, 29 Sep 2020 04:38:58 +0000 (21:38 -0700)