If you are using Composer, you can update to the latest version using:
- composer update
These releases provide patches for 2 security vulnerabilities:
- ZF2015-09 is an announcement of a security hardening patch for
Zend_Captcha/Zend\Captcha's word-based CAPTCHA adapters. The patch is
available in Zend Framework 1.12.7, Zend Framework 2.4.9, and
zendframework/zend-captcha 2.4.9 and 2.5.2.
- ZF2015-10 details an information disclosure vulnerability in
Zend\Crypt\PublicKey\Rsa due to insecure padding defaults in OpenSSL
and PHP when using RSA keys. A patch is available in Zend Framework
2.4.9 and zendframework/zend-crypt 2.4.9 and 2.5.2.
If you use word-based CAPTCHA adapters or Zend\Crypt\PublicKey\Rsa, we
advise you to upgrade immediately.