Zend Framework Community › ZF Contributor

ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

3 messages Options

weierophinney

ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

Administrator

Greetings!

We've just pushed out a ton of new releases:

- Zend Framework 1.12.4
- Zend Framework 2.1.6
- Zend Framework 2.2.6
- a new component, ZendXml
- and a bunch of releases for individual service components.

These releases include a number of very important security fixes, including:

- Fixes for XML eXternal Entity (XXE) and XML Entity Expansion (XEE)
vulnerabilities
- Fixes to our OpenID consumers to prevent the ability for malicious
Identity Providers to spoof identities from other providers

We highly recommend updating to the latest versions of Zend Framework
at this time.

For more information, please read our release announcement:

- http://framework.zend.com/blog/zend-framework-1-12-4-2-1-6-and-2-2-6-released.html

--
Matthew Weier O'Phinney
Project Lead | [hidden email]
Zend Framework | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

David Muir-2

Re: [fw-general] ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

Woot!

Appreciate all the hard work.

Cheers,
David

On 07/03/2014, at 11:23 AM, Matthew Weier O'Phinney <[hidden email]> wrote:

> Greetings!
>
> We've just pushed out a ton of new releases:
>
> - Zend Framework 1.12.4
> - Zend Framework 2.1.6
> - Zend Framework 2.2.6
> - a new component, ZendXml
> - and a bunch of releases for individual service components.
>
> These releases include a number of very important security fixes, including:
>
> - Fixes for XML eXternal Entity (XXE) and XML Entity Expansion (XEE)
> vulnerabilities
> - Fixes to our OpenID consumers to prevent the ability for malicious
> Identity Providers to spoof identities from other providers
>
> We highly recommend updating to the latest versions of Zend Framework
> at this time.
>
> For more information, please read our release announcement:
>
> - http://framework.zend.com/blog/zend-framework-1-12-4-2-1-6-and-2-2-6-released.html
>
> --
> Matthew Weier O'Phinney
> Project Lead | [hidden email]
> Zend Framework | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>
> --
> List: [hidden email]
> Info: http://framework.zend.com/archives
> Unsubscribe: [hidden email]
>
>

Tim Fountain-2

Re: ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

In reply to this post by weierophinney

Great to see new releases!

Couple of issues:

1. The 1.12 docs are all 404'ing: http://framework.zend.com/manual/1.12/en/manual.html

2. A couple of people have mentioned that the 'extras' code in 1.12.4 is missing - I'm not sure if this was in the 'complete' release package before, or whether anything changed here (it's a long time since I used it). It looks like zendframework/zf1-extras does need to be added to packagist though.

Tim.

On 7 March 2014 00:23, Matthew Weier O'Phinney <[hidden email]> wrote:

Greetings!

We've just pushed out a ton of new releases:

- Zend Framework 1.12.4
- Zend Framework 2.1.6
- Zend Framework 2.2.6
- a new component, ZendXml
- and a bunch of releases for individual service components.

These releases include a number of very important security fixes, including:

- Fixes for XML eXternal Entity (XXE) and XML Entity Expansion (XEE)
vulnerabilities
- Fixes to our OpenID consumers to prevent the ability for malicious
Identity Providers to spoof identities from other providers

We highly recommend updating to the latest versions of Zend Framework
at this time.

For more information, please read our release announcement:

- http://framework.zend.com/blog/zend-framework-1-12-4-2-1-6-and-2-2-6-released.html

--
Matthew Weier O'Phinney
Project Lead | [hidden email]
Zend Framework | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
Tim Fountain
http://tfountain.co.uk/