Quantcast

Zend Framework 1.12.17 and 2.4.9 Released!

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Zend Framework 1.12.17 and 2.4.9 Released!

weierophinney
Administrator
We're pleased to announce the immediate availability of:

- Zend Framework 1.12.17
- Zend Framework 2.4.9

Each are available to download via:

- http://framework.zend.com/downloads/latest

If you are using Composer, you can update to the latest version using:

- composer update

These releases provide patches for 2 security vulnerabilities:

- ZF2015-09 is an announcement of a security hardening patch for
Zend_Captcha/Zend\Captcha's word-based CAPTCHA adapters. The patch is
available in Zend Framework 1.12.7, Zend Framework 2.4.9, and
zendframework/zend-captcha 2.4.9 and 2.5.2.

- ZF2015-10 details an information disclosure vulnerability in
Zend\Crypt\PublicKey\Rsa due to insecure padding defaults in OpenSSL
and PHP when using RSA keys. A patch is available in Zend Framework
2.4.9 and zendframework/zend-crypt 2.4.9 and 2.5.2.

If you use word-based CAPTCHA adapters or Zend\Crypt\PublicKey\Rsa, we
advise you to upgrade immediately.

--
Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
http://framework.zend.com
http://apigility.org
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Loading...