This is a security release.
- SECURITY Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details
- Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLS using schemes such as
ssh2
- Ensure method signature consistency in
doCallback
calls - Ukrainian language update
- Add composer scripts for checking coding standards and running tests
Thanks to Fariskhi Vidyan for the report and assistance, and Tidelift for support.