Zend Framework 2.0.5 Released -- includes security updates

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Zend Framework 2.0.5 Released -- includes security updates

The Zend Framework community is pleased to announce the immediate
availability of Zend Framework 2.0.5! Packages and installation
instructions are available at:


Security Announcement

This release is a security release, and contains fixes to both the
Zend\Session\Validator\RemoteAddr and Zend\View\Helper\ServerUrl
classes. If you are using either, we recommend upgrading immediately.
For more information, please read the ZF2012-04 advisory details
(http://framework.zend.com/security/advisory/ZF2012-04). Thanks goes to
Fabien Potencier for alerting us of the issues and working with us on
appropriate fixes.


In addition to the security fixes mentioned above, this release included
five other patches, mostly trivial. The full list is as follows:

    3004: Zend\Db unit tests fail with code coverage enabled
    3039: combine double if into single conditional
    3042: fix typo 'consist of' should be 'consists of' in singular
    3045: Reduced the #calls of rawurlencode() using a cache mechanism
    3048: Applying quickfix for zendframework/zf2#3004
    3095: Process X-Forwarded-For header in correct order

Thank You!

Many thanks to all contributors to this release!


Maintenance releases happen monthly on the third Wednesday.
Additionally, we have the next minor release, 2.1.0, slated for sometime
next month.

Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc