Zend Framework 1.12.13 Released!

We've just released Zend Framework 1.12.13!

- http://framework.zend.com/downloads/latest#ZF1

This release contains a fix for a regression introduced when patching
the message splitting vulnerability (ZF2015-04 - see
http://framework.zend.com/security/advisory/ZF2015-04) in version
1.12.12; the patch was too strict, and did not allow integers or
floats for header values, breaking headers such as Content-Length.
Version 1.12.13 fixes these situations specifically, preserving the
security model introduced in 1.12.12 while providing leniency for
these safe values.

If you use Zend_Http, or a component that depends on it (Zend_OpenId,
Zend_Oauth, the Zend_Service components, Zend_XmlRpc, etc.), we highly
recommend upgrading immediately.

Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
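
The regression described in the announcement, as an added example that is not part of the original message and is not Zend Framework's own code: a string-only header value check refuses an integer Content-Length, while a check that lets ints and floats through still rejects CR/LF. The function names and the exact set of rejected bytes are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not Zend Framework APIs.

/** Assumed rule: a value is unsafe if it contains CR, LF, NUL or other control bytes. */
function hasUnsafeBytes(string $value): bool
{
    // Allow horizontal tab (0x09); reject every other control byte and DEL.
    return preg_match('/[\x00-\x08\x0A-\x1F\x7F]/', $value) === 1;
}

/** Over-strict check: anything that is not already a string is refused. */
function assertValidStrict($value): void
{
    if (!is_string($value) || hasUnsafeBytes($value)) {
        throw new InvalidArgumentException('Invalid header value');
    }
}

/** Lenient check: ints and floats cannot carry CR/LF, so accept them as-is. */
function assertValidLenient($value): void
{
    if (is_int($value) || is_float($value)) {
        return;
    }
    if (!is_string($value) || hasUnsafeBytes($value)) {
        throw new InvalidArgumentException('Invalid header value');
    }
}

// Constructed sample values.
$samples = [
    'Content-Length (int)' => 1024,
    'X-Ratio (float)'      => 0.5,
    'Accept (string)'      => 'text/html',
    'Embedded CRLF'        => "a\r\nX-Injected: 1",
    'Array value'          => ['x'],
];

foreach ($samples as $label => $value) {
    foreach (['assertValidStrict', 'assertValidLenient'] as $check) {
        try {
            $check($value);
            $result = 'accepted';
        } catch (InvalidArgumentException $e) {
            $result = 'rejected';
        }
        printf("%-22s %-20s %s\n", $label, $check, $result);
    }
}
```

Only the two numeric rows differ between the checks; the CR/LF string and the array are rejected by both.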
