8.2.11 release announcement calls itself a security release. Somewhat strangely, the contemporaneous 8.1 release doesn't call itself a security release. I don't see anything in particular which jumps out as significantly security-impactful, other than maybe: - Fixed bug GH-12073 (Segfault when freeing incompletely initialized closures). - Fixed bug GH-12060 (Internal iterator rewind handler is called twice). - Fix memory leak when setting an invalid DOMDocument encoding. - Fixed memory leak with failed SQLPrepare.