Zend Framework 1.12.17 and 2.4.9 Released!

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Zend Framework 1.12.17 and 2.4.9 Released!

We're pleased to announce the immediate availability of:

- Zend Framework 1.12.17
- Zend Framework 2.4.9

Each are available to download via:

- http://framework.zend.com/downloads/latest

If you are using Composer, you can update to the latest version using:

- composer update

These releases provide patches for 2 security vulnerabilities:

- ZF2015-09 is an announcement of a security hardening patch for
Zend_Captcha/Zend\Captcha's word-based CAPTCHA adapters. The patch is
available in Zend Framework 1.12.7, Zend Framework 2.4.9, and
zendframework/zend-captcha 2.4.9 and 2.5.2.

- ZF2015-10 details an information disclosure vulnerability in
Zend\Crypt\PublicKey\Rsa due to insecure padding defaults in OpenSSL
and PHP when using RSA keys. A patch is available in Zend Framework
2.4.9 and zendframework/zend-crypt 2.4.9 and 2.5.2.

If you use word-based CAPTCHA adapters or Zend\Crypt\PublicKey\Rsa, we
advise you to upgrade immediately.

Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]