Based on https://github.com/zendframework/zend-form/releases/tag/release-2.3.8 (commit e160ed89a05adcb106e773c6783fe7f4d796f875 in this repo)

SECURITY UPDATES
----------------

- **ZF2015-04**: `Laminas\Mail` and `Laminas\Http` were both susceptible to CRLF
  Injection Attack vectors (for HTTP, this is often referred to as HTTP Response
  Splitting). Both components were updated to perform header value validations
  to ensure no values contain characters not detailed in their corresponding
  specifications, and will raise exceptions on detection. Each also provides new
  facilities for both validating and filtering header values prior to injecting
  them into header classes.

  If you use either `Laminas\Mail` or `Laminas\Http` (which includes users of
  `Laminas\Mvc`), we recommend upgrading immediately.