[MEDIUM] CVE-2019-18886: Prevent user enumeration using switch user functionality

PKSA-96vf-z7pm-9yfb CVE-2019-18886 GHSA-4vpc-5jx4-cfqg

Affected version: >=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] CVE-2019-10911: Add a separator in the remember me cookie hash

PKSA-q3pf-cxf3-f7xy CVE-2019-10911 GHSA-cchx-mfrc-fwqr

Affected version: >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7

Reported by:
GitHub, FriendsOfPHP/security-advisories