Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Zend Framework 1.12.10, 2.2.9, and 2.3.4 Released!

weierophinney
Administrator
Greetings, all, and happy new year!

We've released three new versions of Zend Framework today:

- 1.12.10, which is a scheduled maintenance release.
- 2.2.9, which is a security release, addressing ZF2015-01
- 2.3.4, which is both a maintenance release, and a security release
(also ZF2015-01)

You can download them from:

- http://framework.zend.com/downloads/latest

and you can visit the changelogs at:

- http://framework.zend.com/changelog/1.12.10
- http://framework.zend.com/changelog/2.2.9
- http://framework.zend.com/changelog/2.3.4

The security issue patched with 2.2.9 and 2.3.4 is ZF2015-01:

- http://framework.zend.com/security/advisory/ZF2015-01

The advisory is for users of Zend\Session's validators; prior to these
releases, validator metadata was not being properly persisted to the
session, which meant it was being re-initialized on every request,
making every request valid. If you use this feature, we recommend
upgrading immediately.

--
Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
http://framework.zend.com
http://apigility.org
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]