ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

weierophinney
Administrator
Greetings!

We've just pushed out a ton of new releases:

- Zend Framework 1.12.4
- Zend Framework 2.1.6
- Zend Framework 2.2.6
- a new component, ZendXml
- and a bunch of releases for individual service components.

These releases include a number of very important security fixes, including:

- Fixes for XML eXternal Entity (XXE) and XML Entity Expansion (XEE)
vulnerabilities
- Fixes to our OpenID consumers to prevent the ability for malicious
Identity Providers to spoof identities from other providers

We highly recommend updating to the latest versions of Zend Framework
at this time.

For more information, please read our release announcement:

- http://framework.zend.com/blog/zend-framework-1-12-4-2-1-6-and-2-2-6-released.html

--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

Re: [fw-general] ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

David Muir-2
Woot!

Appreciate all the hard work.

Cheers,
David

On 07/03/2014, at 11:23 AM, Matthew Weier O'Phinney <[hidden email]> wrote:

> Greetings!
>
> We've just pushed out a ton of new releases:
>
> - Zend Framework 1.12.4
> - Zend Framework 2.1.6
> - Zend Framework 2.2.6
> - a new component, ZendXml
> - and a bunch of releases for individual service components.
>
> These releases include a number of very important security fixes, including:
>
> - Fixes for XML eXternal Entity (XXE) and XML Entity Expansion (XEE)
> vulnerabilities
> - Fixes to our OpenID consumers to prevent the ability for malicious
> Identity Providers to spoof identities from other providers
>
> We highly recommend updating to the latest versions of Zend Framework
> at this time.
>
> For more information, please read our release announcement:
>
> - http://framework.zend.com/blog/zend-framework-1-12-4-2-1-6-and-2-2-6-released.html
>
> --
> Matthew Weier O'Phinney
> Project Lead            | [hidden email]
> Zend Framework          | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc


Re: ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

Tim Fountain-2
In reply to this post by weierophinney
Great to see new releases!

Couple of issues:


2. A couple of people have mentioned that the 'extras' code in 1.12.4 is missing - I'm not sure if this was in the 'complete' release package before, or whether anything changed here (it's a long time since I used it). It looks like zendframework/zf1-extras does need to be added to packagist though.


Tim.


On 7 March 2014 00:23, Matthew Weier O'Phinney <[hidden email]> wrote:
> Greetings!
>
> We've just pushed out a ton of new releases:
>
> - Zend Framework 1.12.4
> - Zend Framework 2.1.6
> - Zend Framework 2.2.6
> - a new component, ZendXml
> - and a bunch of releases for individual service components.
>
> These releases include a number of very important security fixes, including:
>
> - Fixes for XML eXternal Entity (XXE) and XML Entity Expansion (XEE)
> vulnerabilities
> - Fixes to our OpenID consumers to prevent the ability for malicious
> Identity Providers to spoof identities from other providers
>
> We highly recommend updating to the latest versions of Zend Framework
> at this time.
>
> For more information, please read our release announcement:
>
> - http://framework.zend.com/blog/zend-framework-1-12-4-2-1-6-and-2-2-6-released.html
>
> --
> Matthew Weier O'Phinney
> Project Lead            | [hidden email]
> Zend Framework          | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc



--
Tim Fountain
http://tfountain.co.uk/