Zend Framework 2.0.5 Released -- includes security updates

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Zend Framework 2.0.5 Released -- includes security updates

weierophinney
Administrator
The Zend Framework community is pleased to announce the immediate
availability of Zend Framework 2.0.5! Packages and installation
instructions are available at:

    http://framework.zend.com/downloads/latest

Security Announcement
---------------------

This release is a security release, and contains fixes to both the
Zend\Session\Validator\RemoteAddr and Zend\View\Helper\ServerUrl
classes. If you are using either, we recommend upgrading immediately.
For more information, please read the ZF2012-04 advisory details
(http://framework.zend.com/security/advisory/ZF2012-04). Thanks goes to
Fabien Potencier for alerting us of the issues and working with us on
appropriate fixes.

Changelog
---------

In addition to the security fixes mentioned above, this release included
five other patches, mostly trivial. The full list is as follows:

    3004: Zend\Db unit tests fail with code coverage enabled
    3039: combine double if into single conditional
    3042: fix typo 'consist of' should be 'consists of' in singular
    3045: Reduced the #calls of rawurlencode() using a cache mechanism
    3048: Applying quickfix for zendframework/zf2#3004
    3095: Process X-Forwarded-For header in correct order

Thank You!
----------

Many thanks to all contributors to this release!

Reminder
--------

Maintenance releases happen monthly on the third Wednesday.
Additionally, we have the next minor release, 2.1.0, slated for sometime
next month.


--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc