[MEDIUM] CVE-2017-16790: Ensure that submitted data are uploaded files

PKSA-6bs3-mdg3-dvk7 CVE-2017-16790 GHSA-cqqh-94r6-wjrg

Affected version: >=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

PKSA-vjxr-btnx-3nkm CVE-2015-8125 GHSA-g97c-jfx6-xvxh

Affected version: >=2.3.0,<2.3.35|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.12|>=2.7.0,<2.7.7

Reported by:
GitHub, FriendsOfPHP/security-advisories