Based on https://github.com/zendframework/zend-servicemanager/releases/tag/release-2.3.8 (commit 21876066f467979d73d0721ed8914fe445af057d in this repo)

SECURITY UPDATES
----------------

- **ZF2015-04**: `Laminas\Mail` and `Laminas\Http` were both susceptible to CRLF
  Injection Attack vectors (for HTTP, this is often referred to as HTTP Response
  Splitting). Both components were updated to perform header value validations
  to ensure no values contain characters not detailed in their corresponding
  specifications, and will raise exceptions on detection. Each also provides new
  facilities for both validating and filtering header values prior to injecting
  them into header classes.

  If you use either `Laminas\Mail` or `Laminas\Http` (which includes users of
  `Laminas\Mvc`), we recommend upgrading immediately.