An issue with Zend\Http\PhpEnvironment\RemoteAddress was reported in
#5374. Essentially, the class
was not checking if $_SERVER['REMOTE_ADDR'] was one of the trusted proxies
configured, and as a result, getIpAddressFromProxy() could return an untrusted
The class was updated to check if $_SERVER['REMOTE_ADDR'] is in the list of
trusted proxies, and, if so, will return that value immediately before
consulting the values in the X-Forwarded-For header.
If you use the RemoteAddrZend\Session validator, and are configuring
trusted proxies, we recommend updating to 2.2.5 or later immediately.
#5343 removed the
DateTimeFormatter filter from DateTime form elements. This was done
due to the fact that it led to unexpected behavior when non-date inputs were
provided. However, since the DateTime element already incorporates a
DateValidator that accepts a date format, validation can still work as