Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

weierophinney
Administrator
Greetings, all, and happy new year!

We've released three new versions of Zend Framework today:

- 1.12.10, which is a scheduled maintenance release.
- 2.2.9, which is a security release, addressing ZF2015-01
- 2.3.4, which is both a maintenance release, and a security release
(also ZF2015-01)

You can download them from:

- http://framework.zend.com/downloads/latest

and you can visit the changelogs at:

- http://framework.zend.com/changelog/1.12.10
- http://framework.zend.com/changelog/2.2.9
- http://framework.zend.com/changelog/2.3.4

The security issue patched with 2.2.9 and 2.3.4 is ZF2015-01:

- http://framework.zend.com/security/advisory/ZF2015-01

The advisory is for users of Zend\Session's validators; prior to these
releases, validator metadata was not being properly persisted to the
session, which meant it was being re-initialized on every request,
making every request valid. If you use this feature, we recommend
upgrading immediately.

--
Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
http://framework.zend.com
http://apigility.org
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
Reply | Threaded
Open this post in threaded view
|

RE: Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

Joe Gray
Unsubscribe

Joe Gray, CISSP-ISSMP, GSNA | Encompass Digital Media
DVIDS ISSO/Director of IT Security

3845 Pleasantdale Road | Atlanta, GA 30340 | www.encompass.tv
direct +1 678 421 6696 | mobile +1  678 429 8697 | [hidden email]


DVIDS - Defense Video & Imagery Distribution System You Tell The Story / We Tell The World
Powered by U.S. Third Army www.dvidshub.net www.twitter.com/DVIDShub www.facebook.com/dvids
[hidden email]

-----Original Message-----
From: Matthew Weier O'Phinney [mailto:[hidden email]]
Sent: Wednesday, January 14, 2015 5:52 PM
To: lists lists
Cc: lists lists; lists lists
Subject: [zf-contributors] Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

Greetings, all, and happy new year!

We've released three new versions of Zend Framework today:

- 1.12.10, which is a scheduled maintenance release.
- 2.2.9, which is a security release, addressing ZF2015-01
- 2.3.4, which is both a maintenance release, and a security release (also ZF2015-01)

You can download them from:

- http://framework.zend.com/downloads/latest

and you can visit the changelogs at:

- http://framework.zend.com/changelog/1.12.10
- http://framework.zend.com/changelog/2.2.9
- http://framework.zend.com/changelog/2.3.4

The security issue patched with 2.2.9 and 2.3.4 is ZF2015-01:

- http://framework.zend.com/security/advisory/ZF2015-01

The advisory is for users of Zend\Session's validators; prior to these releases, validator metadata was not being properly persisted to the session, which meant it was being re-initialized on every request, making every request valid. If you use this feature, we recommend upgrading immediately.

--
Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility [hidden email] http://framework.zend.com http://apigility.org PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
Reply | Threaded
Open this post in threaded view
|

Re: Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

Ralf Eggert
In reply to this post by weierophinney
Nice one and very good work. Especially thanks to Marco!

Matthew, are there any official news on the forthcoming release plans?

Thanks and best regards,

Ralf