From 311922ddbe091afbbf63a344ec7b96e224ecf238 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 28 Sep 2020 21:38:58 -0700 Subject: [PATCH] Update UPGRADING --- UPGRADING | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/UPGRADING b/UPGRADING index 7944087c43..2e8d358075 100644 --- a/UPGRADING +++ b/UPGRADING @@ -151,6 +151,11 @@ Reflection: . Reflection export to string now uses `int` and `bool` instead of `integer` and `boolean`. +- SAPI: + . Starting with 7.3.24, incoming cookie names are not url-decoded. This was never + required by the standard, outgoing cookie names aren't encoded and this leads + to security issues (CVE-2020-7070). + SPL: . If an SPL autoloader throws an exception, following autoloaders will not be executed. Previously all autoloaders were executed and exceptions were -- 2.50.1