specially crafted sessions can cause access to files via path traveral

Using a special crafted cURL request it is under strict conditions possible to access arbitrary files the webserver has access to. This requires you to use file-based sessions, a specific directory to exist on your server, and session payload encryption to be switched off. All released versions...