Greetings!
We've just pushed out a ton of new releases:
- Zend Framework 1.12.4
- Zend Framework 2.1.6
- Zend Framework 2.2.6
- a new component, ZendXml
- and a bunch of releases for individual service components.
These releases include a number of very important security fixes, including:
- Fixes for XML eXternal Entity (XXE) and XML Entity Expansion (XEE)
vulnerabilities
- Fixes to our OpenID consumers to prevent the ability for malicious
Identity Providers to spoof identities from other providers
We highly recommend updating to the latest versions of Zend Framework
at this time.
For more information, please read our release announcement:
-
http://framework.zend.com/blog/zend-framework-1-12-4-2-1-6-and-2-2-6-released.html--
Matthew Weier O'Phinney
Project Lead |
[hidden email]
Zend Framework |
http://framework.zend.com/PGP key:
http://framework.zend.com/zf-matthew-pgp-key.asc