Changelog (https://github.com/symfony/symfony/compare/v6.4.13...v6.4.14)

• bug #58772 [DoctrineBridge] Backport detection fix of Xml/Yaml driver in DoctrineExtension (@MatTheCat)
• security #cve-2024-51736 [Process] Use PATH before CD to load the shell on Windows (@nicolas-grekas)
• security #cve-2024-50342 [HttpClient] Filter private IPs before connecting when Host == IP (@nicolas-grekas)
• security #cve-2024-50345 [HttpFoundation] Reject URIs that contain invalid characters (@nicolas-grekas)
• security #cve-2024-50340 [Runtime] Do not read from argv on non-CLI SAPIs (@wouterj)
• bug #58765 [VarDumper] fix detecting anonymous exception classes on Windows and PHP 7 (@xabbuh)
• bug #58757 [RateLimiter] Fix DateInterval normalization (@danydev)
• bug #58754 [Security] Store original token in token storage when implicitly exiting impersonation (@wouterj)
• bug #58753 [Cache] Fix clear() when using Predis (@nicolas-grekas)
• bug #58713 [Config] Handle Phar absolute path in FileLocator (@alexandre-daubois)
• bug #58728 [WebProfilerBundle] Re-add missing Profiler shortcuts on Profiler homepage (@welcoMattic)
• bug #58739 [WebProfilerBoundle] form data collector check passed and resolved options are defined (@vltrof)
• bug #58752 [Process] Fix escaping /X arguments on Windows (@nicolas-grekas)
• bug #58735 [Process] Return built-in cmd.exe commands directly in ExecutableFinder (@Seldaek)
• bug #58723 [Process] Properly deal with not-found executables on Windows (@nicolas-grekas)
• bug #58711 [Process] Fix handling empty path found in the PATH env var with ExecutableFinder (@nicolas-grekas)
• bug #58704 [HttpClient] fix for HttpClientDataCollector fails if proc_open is disabled via php.ini (@ZaneCEO)

[PR] https://github.com/symfony/symfony/pull/58778 [SECURITY] Security release