You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
***SECURITY** Fixes CVE-2021-3603 that may permit untrusted code to be run from an address validator, see SECURITY.md for details
***SECURITY** Fixes CVE-2021-3603 that may permit untrusted code to be run from an address validator, see [SECURITY.md](SECURITY.md) for details
* The fix for this issue includes a minor BC break: callables injected into `validateAddress`, or indirectly through the `$validator` class property, may no longer be simple strings. If you want to inject your own validator, provide a closure instead of a function name.
## Version 6.4.1 (April 29th, 2021)
***SECURITY** Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details
