This release contains a fix for a regression introduced when patching
the message splitting vulnerability (ZF2015-04 - see
http://framework.zend.com/security/advisory/ZF2015-04) in version
1.12.12; the patch was too strict, and did not allow integers or
floats for header values, breaking headers such as Content-Length.
Version 1.12.13 fixes these situations specifically, ensuring both the
security model introduced in 1.12.12 while providing leniency for
these safe values.
If you use Zend_Http, or a component that depends on it (Zend_OpenId,
Zend_Oauth, the Zend_Service components, Zend_XmlRpc, etc.), we highly
recommend upgrading immediately.