The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.
Updated tests for redirects to check for 'Found', not 'Moved'. This correctly matches the standard, and was changed in CGI.pm 3.16. As a result, we now require CGI.pm 3.16 for consistent results.