[MEDIUM] Silent HTTPS proxy downgrade to cleartext

PKSA-k22t-f949-t9g6 CVE-2026-55568 GHSA-wpwq-4j6v-78m3

Affected version: <7.12.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] Dot-only cookie domains match all hosts

PKSA-93qv-9n9h-6k6p CVE-2026-55767 GHSA-cwxw-98qj-8qjx

Affected version: <7.12.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] CURLOPT_HTTPAUTH option not cleared on change of origin

PKSA-k1b4-kshy-xgbh CVE-2022-31090 GHSA-25mq-v84q-4j7r

Affected version: >=7,<7.4.5|>=4,<6.5.8

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Change in port should be considered a change in origin

PKSA-yfw5-9gnj-n2c7 CVE-2022-31091 GHSA-q559-8m2m-g699

Affected version: >=7,<7.4.5|>=4,<6.5.8

Reported by:
GitHub, FriendsOfPHP/security-advisories