The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.
The nocgicarp flag introduced in 3.2 has now been removed due to ill importing side effects. Instead, we now simply use Carp instead of CGI::Carp. You must now explicitly load CGI::Carp if you want it. Any code that used the brief-lived 'nocgicarp' feature will need to be updated.