The CakePHP core team is happy to announce the immediate availability of CakePHP 3.7.7, 3.6.15 and 3.5.18. These releases contain a security related fix for CVE-2019-11458. The vulnerability affects applications that open serialized content from user input. When doing so the SmtpTransport can be used to overwrite any file the webserver has write access to.
Thanks for this post. I would like know only the recent security updates. Only for security, please, not for other improvements. I have a site in production with 3.4 version and I need the fastest update with only security updates. ¿Is this possible? Thanks
You can view this in the changelog. This is the commit for the security vulnerability.