5.3.1 release

CHANGELOG.md

@@ -1,5 +1,12 @@
 # CHANGELOG
 
+## 5.3.1 - 2016-07-18
+
+* Address HTTP_PROXY security vulnerability, CVE-2016-5385:
+  https://httpoxy.org/
+* Event name fix: https://github.com/guzzle/guzzle/commit/fcae91ff31de41e312fe113ec3acbcda31b2622e
+* Response header case sensitivity fix: https://github.com/guzzle/guzzle/commit/043eeadf20ee40ddc6712faee4d3957a91f2b041
+
 ## 5.3.0 - 2015-05-19
 
 * Mock now supports `save_to`

src/Client.php

@@ -199,9 +199,12 @@ protected function getDefaultOptions()
             'verify'          => true
         ];
 
-        // Use the standard Linux HTTP_PROXY and HTTPS_PROXY if set
-        if ($proxy = getenv('HTTP_PROXY')) {
-            $settings['proxy']['http'] = $proxy;
+        // Use the standard Linux HTTP_PROXY and HTTPS_PROXY if set.
+        // We can only trust the HTTP_PROXY environment variable in a CLI
+        // process due to the fact that PHP has no reliable mechanism to
+        // get environment variables that start with "HTTP_".
+        if (php_sapi_name() == 'cli' && getenv('HTTP_PROXY')) {
+            $settings['proxy']['http'] = getenv('HTTP_PROXY');
         }
 
         if ($proxy = getenv('HTTPS_PROXY')) {

src/ClientInterface.php

@@ -11,7 +11,7 @@
  */
 interface ClientInterface extends HasEmitterInterface
 {
-    const VERSION = '5.3.0';
+    const VERSION = '5.3.1';
 
     /**
      * Create and return a new {@see RequestInterface} object.