We've just released Zend Framework 1.12.13!
- http://framework.zend.com/downloads/latest#ZF1

This release contains a fix for a regression introduced when patching
the message splitting vulnerability (ZF2015-04 - see
http://framework.zend.com/security/advisory/ZF2015-04) in version
1.12.12; the patch was too strict, and did not allow integers or
floats for header values, breaking headers such as Content-Length.
Version 1.12.13 fixes these situations specifically, preserving the
security model introduced in 1.12.12 while providing leniency for
these safe values.
If you use Zend_Http, or a component that depends on it (Zend_OpenId,
Zend_Oauth, the Zend_Service components, Zend_XmlRpc, etc.), we highly
recommend upgrading immediately.
--
Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
http://framework.zend.com
http://apigility.org
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
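
The regression described in the announcement, as an added example that is not part of the original message and is not Zend Framework code: a string-only header value check rejects a numeric Content-Length, while a check that casts integers and floats first still rejects CR/LF. The function names and the control-character rule are assumptions made for illustration.

```php
<?php
// Added illustration. Hypothetical helpers, not the Zend_Http implementation.

// Shared rule (assumed, simplified): no control bytes except horizontal tab,
// so a value can never terminate the header line and start a new one.
function assertNoControlChars(string $value): string
{
    if (preg_match('/[\x00-\x08\x0A-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException('control character in header value');
    }
    return $value;
}

// Too strict: only strings pass, so an integer Content-Length is refused.
function assertHeaderValueStrict($value): string
{
    if (!is_string($value)) {
        throw new InvalidArgumentException('header value must be a string');
    }
    return assertNoControlChars($value);
}

// Lenient: integers and floats are cast to string, then checked the same way.
function assertHeaderValueLenient($value): string
{
    if (is_int($value) || is_float($value)) {
        $value = (string) $value;
    }
    if (!is_string($value)) {
        throw new InvalidArgumentException('header value must be string, int or float');
    }
    return assertNoControlChars($value);
}

// Constructed sample inputs.
$samples = [
    'Content-Length (int)' => 1024,
    'X-Ratio (float)'      => 0.5,
    'User-Agent (string)'  => 'example-client/1.0',
    'X-Test (CRLF)'        => "ok\r\nX-Extra: 1",
];
foreach ($samples as $name => $value) {
    foreach (['assertHeaderValueStrict', 'assertHeaderValueLenient'] as $check) {
        try {
            $check($value);
            $result = 'accepted';
        } catch (InvalidArgumentException $e) {
            $result = 'rejected: ' . $e->getMessage();
        }
        printf("%-22s %-26s %s\n", $name, $check, $result);
    }
}
```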