We're pleased to announce the immediate availability of:
- Zend Framework 1.12.17
- Zend Framework 2.4.9
Each are available to download via:
-
http://framework.zend.com/downloads/latestIf you are using Composer, you can update to the latest version using:
- composer update
These releases provide patches for 2 security vulnerabilities:
- ZF2015-09 is an announcement of a security hardening patch for
Zend_Captcha/Zend\Captcha's word-based CAPTCHA adapters. The patch is
available in Zend Framework 1.12.7, Zend Framework 2.4.9, and
zendframework/zend-captcha 2.4.9 and 2.5.2.
- ZF2015-10 details an information disclosure vulnerability in
Zend\Crypt\PublicKey\Rsa due to insecure padding defaults in OpenSSL
and PHP when using RSA keys. A patch is available in Zend Framework
2.4.9 and zendframework/zend-crypt 2.4.9 and 2.5.2.
If you use word-based CAPTCHA adapters or Zend\Crypt\PublicKey\Rsa, we
advise you to upgrade immediately.
--
Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
http://framework.zend.comhttp://apigility.orgPGP key:
http://framework.zend.com/zf-matthew-pgp-key.asc