Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

Greetings, all, and happy new year!

We've released three new versions of Zend Framework today:

- 1.12.10, which is a scheduled maintenance release.
- 2.2.9, which is a security release, addressing ZF2015-01
- 2.3.4, which is both a maintenance release, and a security release
(also ZF2015-01)

You can download them from:

- http://framework.zend.com/downloads/latest

and you can visit the changelogs at:

- http://framework.zend.com/changelog/1.12.10
- http://framework.zend.com/changelog/2.2.9
- http://framework.zend.com/changelog/2.3.4

The security issue patched with 2.2.9 and 2.3.4 is ZF2015-01:

- http://framework.zend.com/security/advisory/ZF2015-01

The advisory is for users of Zend\Session's validators; prior to these
releases, validator metadata was not being properly persisted to the
session, which meant it was being re-initialized on every request,
making every request valid. If you use this feature, we recommend
upgrading immediately.

Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]