Presigned URLs Broken

[tfinniss]

Basic usage of presigned URLs is broken for me with an upgrade from 3.31.0 -> 3.65.0

$s3 = new S3Client([
    'region'  => getenv('S3_REGION'),
    'version' => 'latest',
]);

$cmd = $s3->getCommand('GetObject', [
  'Bucket' => getenv('S3_BUCKET'),
  'Key'    => 'casts/'. $p['file']
]);

$request = $s3->createPresignedRequest($cmd, '+1 hour');

return (string) $request->getUri();

The error for every attempt was

 <Code>SignatureDoesNotMatch</Code>

Within the URL itself I can see the differences are

 &X-Amz-SignedHeaders=host - WORKING (3.31)

and now it has

 &X-Amz-SignedHeaders=host%3Bx-amz-security-token - BROKEN (3.65)

If I revert src/Signature/SignatureV4.php back to version 3.31 the problem disappears.

I can see there is a commit for this file 19 hours ago "Add support for presigning additional headers (#1523)" - however I can't see any updated documentation on how to upgrade the current code to work with 3.65.0

Thanks

[kstich]

I'm able to reproduce this issue, we're working on a fix and hope to have it up shortly.