[HIGH] EZSA-2018-009 Do not interpret PHP/PHAR uploads

PKSA-pyck-srww-rjvt GHSA-9895-26wr-4fgv

Affected version: >=2018.9.0,<2018.9.1.3|>=2018.6.0,<2018.6.1.4|>=2011.0.0,<2017.12.4.3|>=5.4.0,<5.4.12.3|>=5.3.0,<5.3.12.6

Reported by:
FriendsOfPHP/security-advisories, GitHub

[HIGH] EZSA-2018-006 XSS vulnerability in 'disabled module' error template

PKSA-n31w-wzc4-zw3b GHSA-jpwx-ffjq-wr4w

Affected version: >=2018.9.0,<2018.9.1.2|>=2018.6.0,<2018.6.1.3|>=2011.0.0,<2017.12.4.2|>=5.4.0,<5.4.12.2|>=5.3.0,<5.3.12.5

Reported by:
FriendsOfPHP/security-advisories, GitHub