diff options
author | Stanislav Malyshev <stas@php.net> | 2020-09-28 21:39:20 -0700 |
---|---|---|
committer | Derick Rethans <github@derickrethans.nl> | 2020-09-29 10:58:49 +0100 |
commit | e88dcdcdc86852bb5688afec05821a799bd3ad0d (patch) | |
tree | e09a38af565dde8d60a726323b6d812f5b3c6a52 | |
parent | 5ffcee9d48c4bf9e817d3d2890069004a3685482 (diff) | |
download | php-git-e88dcdcdc86852bb5688afec05821a799bd3ad0d.tar.gz |
Update UPGRADING
-rw-r--r-- | UPGRADING | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -125,6 +125,11 @@ DOM: After: ReflectionMethod::getClosure($object = null) The new signature is also (LSP) compatible with older PHP versions. +- SAPI: + . Starting with 7.4.12, incoming cookie names are not url-decoded. This was never + required by the standard, outgoing cookie names aren't encoded and this leads + to security issues (CVE-2020-7070). + - SPL: . Calling get_object_vars() on an ArrayObject instance will now always return the properties of the ArrayObject itself (or a subclass). Previously it |