Jul-448 [patched]

JUL-448 represents a targeted update in our ongoing efforts to improve reliability and performance. As a focused revision, JUL-448 introduces streamlined processes, clearer specifications, and tighter compatibility with existing systems.

The 4.8.1 release includes:

When allowUrlInclude is , file_get_contents() can fetch any URL, including php:// wrappers. An attacker can therefore supply a URL that points to a malicious PHP stream wrapper or a remote server that returns a crafted payload. JUL-448