Zend Framework 1.12.9, 2.2.8, and 2.3.3 Released!

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Zend Framework 1.12.9, 2.2.8, and 2.3.3 Released!

weierophinney
Administrator
We have just released the following Zend Framework versions:

- 1.12.9
- 2.2.8
- 2.3.3

These are security releases. The relevant advisories are:

- http://framework.zend.com/security/advisory/ZF2014-05 - Anonymous
authentication in ldap_bind() function of PHP, using null byte
- http://framework.zend.com/security/advisory/ZF2014-06 - SQL
injection vector when manually quoting values for sqlsrv extension,
using null byte

If you use the LDAP extension or the sqlsrv extension, we recommend
upgrading immediately.

For more details on the release:

- http://framework.zend.com/blog/zend-framework-1-12-9-2-2-8-and-2-3-3-released.html

--
Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
http://framework.zend.com
http://apigility.org
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]