diff options
author | Stanislav Malyshev <stas@php.net> | 2020-09-28 21:38:58 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2020-09-28 21:38:58 -0700 |
commit | 311922ddbe091afbbf63a344ec7b96e224ecf238 (patch) | |
tree | 7581a0f211409ef6f9b6505c11bfa97722647291 | |
parent | 6acfb79276809d70bafe91a45267c8a307ca900d (diff) | |
download | php-git-311922ddbe091afbbf63a344ec7b96e224ecf238.tar.gz |
Update UPGRADING
-rw-r--r-- | UPGRADING | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -151,6 +151,11 @@ Reflection: . Reflection export to string now uses `int` and `bool` instead of `integer` and `boolean`. +- SAPI: + . Starting with 7.3.24, incoming cookie names are not url-decoded. This was never + required by the standard, outgoing cookie names aren't encoded and this leads + to security issues (CVE-2020-7070). + SPL: . If an SPL autoloader throws an exception, following autoloaders will not be executed. Previously all autoloaders were executed and exceptions were |