Zend Framework 1.12.13 Released!

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Zend Framework 1.12.13 Released!

weierophinney
Administrator
We've just released Zend Framework 1.12.13!

- http://framework.zend.com/downloads/latest#ZF1

This release contains a fix for a regression introduced when patching
the message splitting vulnerability (ZF2015-04 - see
http://framework.zend.com/security/advisory/ZF2015-04) in version
1.12.12; the patch was too strict, and did not allow integers or
floats for header values, breaking headers such as Content-Length.
Version 1.12.13 fixes these situations specifically, ensuring both the
security model introduced in 1.12.12 while providing leniency for
these safe values.

If you use Zend_Http, or a component that depends on it (Zend_OpenId,
Zend_Oauth, the Zend_Service components, Zend_XmlRpc, etc.), we highly
recommend upgrading immediately.

--
Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
http://framework.zend.com
http://apigility.org
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc