ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

ZF 1.12.4, 2.1.6, and 2.2.6 Released, with Security Updates!

weierophinney
Administrator
Greetings!

We've just pushed out a ton of new releases:

- Zend Framework 1.12.4
- Zend Framework 2.1.6
- Zend Framework 2.2.6
- a new component, ZendXml
- and a bunch of releases for individual service components.

These releases include a number of very important security fixes, including:

- Fixes for XML eXternal Entity (XXE) and XML Entity Expansion (XEE)
vulnerabilities
- Fixes to our OpenID consumers to prevent the ability for malicious
Identity Providers to spoof identities from other providers

We highly recommend updating to the latest versions of Zend Framework
at this time.

For more information, please read our release announcement:

- http://framework.zend.com/blog/zend-framework-1-12-4-2-1-6-and-2-2-6-released.html

--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]