ZF Blog

Zend Framework 1.12.5 Released!

The Zend Framework community is pleased to announce the immediate availability of Zend Framework 1.12.5!

This release fixes PHP 5.2 support for the 1.12 series. If you use PHP 5.2 with Zend Framework 1.12, we encourage you to upgrade immediately.

5.2 support

Yesterday's 1.12.4 release provided several security fixes around XML eXternal Entity and XML Entity Expansion attack vectors. Unfortunately, we had not reviewed our patch to consider PHP 5.2 support, and the code contained PHP closures -- which have only been available since PHP 5.3.

The code in the Zend\Xml component was updated to remove the closures, and tests for all affected components were run to ensure they worked across PHP versions from 5.2 - 5.5.

Thank You!

A big thank you to those contributors who spotted the errors and provided the initial fixes, particularly Martin Hujer and Frank Bruckner.

Return to entries

blog comments powered by Disqus