Based on https://github.com/zendframework/zend-servicemanager/releases/tag/release-2.2.9 (commit 5dfa2993594071a4f72aa4185f26f056cf4e0226 in this repo)

SECURITY UPDATES
----------------

- **ZF2015-01:** Session validators were not run if set before session start.
  Essentially, the validators were writing to the `$_SESSION` superglobal before
  session start, which meant the data was overwritten once the session began.
  This meant on subsequent calls, the validators had no data to compare against,
  making the sessions automatically valid. We have provided patches to ensure
  that validators are run only after the session has begun, which will ensure
  they validate sessions correctly going forward. If you use `Laminas\Session`
  validators, we recommend upgrading immediately.