Zend Framework 1.12.9, 2.2.8, and 2.3.3 Released!

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Zend Framework 1.12.9, 2.2.8, and 2.3.3 Released!

We have just released the following Zend Framework versions:

- 1.12.9
- 2.2.8
- 2.3.3

These are security releases. The relevant advisories are:

- http://framework.zend.com/security/advisory/ZF2014-05 - Anonymous
authentication in ldap_bind() function of PHP, using null byte
- http://framework.zend.com/security/advisory/ZF2014-06 - SQL
injection vector when manually quoting values for sqlsrv extension,
using null byte

If you use the LDAP extension or the sqlsrv extension, we recommend
upgrading immediately.

For more details on the release:

- http://framework.zend.com/blog/zend-framework-1-12-9-2-2-8-and-2-3-3-released.html

Matthew Weier O'Phinney
Principal Engineer
Project Lead, Zend Framework and Apigility
[hidden email]
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]