Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

Greetings, all, and happy new year!

We've released three new versions of Zend Framework today:

- 1.12.10, which is a scheduled maintenance release.
- 2.2.9, which is a security release, addressing ZF2015-01
- 2.3.4, which is both a maintenance release, and a security release
(also ZF2015-01)

You can download them from:

- http://framework.zend.com/downloads/latest

and you can visit the changelogs at:

- http://framework.zend.com/changelog/1.12.10
- http://framework.zend.com/changelog/2.2.9
- http://framework.zend.com/changelog/2.3.4

The security issue patched with 2.2.9 and 2.3.4 is ZF2015-01:

- http://framework.zend.com/security/advisory/ZF2015-01

The advisory is for users of Zend\Session's validators; prior to these
releases, validator metadata was not being properly persisted to the
session, which meant it was being re-initialized on every request,
making every request valid. If you use this feature, we recommend
upgrading immediately.

Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]