Zend Framework 2.0.4 Released!

The Zend Framework community is pleased to announce the immediate availability of Zend Framework 2.0.4! Packages and installation instructions are available at:

• http://framework.zend.com/downloads/latest

Changes

ZF2 has shipped with two "view strategies" aimed at simplifying common use cases around developing JSON and XML APIs: Zend\View\Strategy\JsonStrategy and Zend\View\Strategy\FeedStrategy. Each of these would select an appropriate renderer based on one of the following criteria:

• If the view model present was of a specific type (e.g., JsonModel, FeedModel).
• If the Accept header contained the appropriate media type.

This latter condition sparked some worry that, when enabled at the application level (vs. enabled based on selected module, controller, action, or other more specific criteria), any endpoint could be forced to return JSON or Atom (based on the strategies registered), regardless of whether or not it was appropriate. This could lead to a couple bad situations:

• Data present in the view model not intended for actual display now being displayed.
• Raising of exceptions due to insuitability of certain view variables for serialization in the selected format (e.g., invalid feed data, non-JSON-serializeable objects, etc.); this could lead to resource consumption and potentially other vulnerabilities.

Based on these concerns, we made the following changes:

• The JsonStrategy and FeedStrategy now only ever select a renderer based on the current view model type: e.g. if you want to expose something as JSON, you must return a JsonModel.
• Introduced a new controller plugin, acceptableViewModelSelector(). This helper can be used to select an appropriate view model if the Accept header meets criteria you specify.

<?php
class SomeController extends AbstractActionController
{
    protected $acceptCriteria = array(
        'Zend\View\Model\JsonModel' => array(
            'application/json',
        ),
        'Zend\View\Model\FeedModel' => array(
            'application/rss+xml',
        ),
    );

    public function apiAction()
    {
        $viewModel = $this->acceptableViewModelSelector($this->acceptCriteria);
        
        // Potentially vary execution based on model returned
        if ($viewModel instanceof JsonModel) {
            // ...
        }
    }
}

The above would return a standard Zend\View\Model\ViewModel instance if the criteria is not met, and the specified view model types if the specific criteria is met. Rules are matched in order, with the first match "winning."

Changelog

In addition to the changes mentioned above, this release included more than 40 patches, ranging from minor docblock improvements to bugfixes. The full list is as follows:

• 2808: Add serializer better inheritance and extension
• 2813: Add test on canonical name with the ServiceManager
• 2832: bugfix: The helper DateFormat does not cache correctly when a pattern is set.
• 2837: Add empty option before empty check
• 2843: change self:: with static:: in call-ing static property/method
• 2857: Unnecessary path assembly on return in Zend\Mvc\Router\Http\TreeRouteStack->assemble() line 236
• 2867: Enable view sub-directories when using ModuleRouteListener
• 2872: Resolve naming conflicts in foreach statements
• 2878: Fix : change self:: with static:: in call-ing static property/method() in other components ( all )
• 2879: remove unused const in Zend\Barcode\Barcode.php
• 2896: Constraints in Zend\Db\Metadata\Source\AbstractSource::getTable not initalised
• 2907: Fixed proxy adapter keys being incorrectly set due Zend\Http\Client
• 2909: Change format of Form element DateTime and DateTimeLocal
• 2921: Added Chinese translations for zf2 validate/captcha resources
• 2924: small speed-up of Zend\EventManager\EventManager::triggerListeners()
• 2929: SetCookie::getFieldValue() always uses urlencode() for cookie values, even in case they are already encoded
• 2930: Add minor test coverage to MvcEvent
• 2932: Sessions: SessionConfig does not allow setting non-directory save path
• 2937: preserve matched route name within route match instance while forwarding...
• 2940: change 'Cloud\Decorator\Tag' to 'Cloud\Decorator\AbstractTag'
• 2941: Logical operator fix : 'or' change to '||' and 'and' change to '&&'
• 2952: Various Zend\Mvc\Router\Http routers turn + into a space in path segments
• 2957: Make Partial proxy to view render function
• 2971: Zend\Http\Cookie undefined self::CONTEXT_REQUEST
• 2976: Fix for #2541
• 2981: Controller action HttpResponse is not used by SendResponseListener
• 2983: replaced all calls to $this->xpath with $this->getXpath() to always have...
• 2986: Add class to file missing a class (fixes #2789)
• 2987: fixed Zend\Session\Container::exchangeArray
• 2994: Fixes #2993 - Add missing asterisk to method docblock
• 2997: Fixing abstract factory instantiation time
• 2999: Fix for GitHub issue 2579
• 3002: update master's resources/ja Zend_Validate.php message
• 3003: Adding tests for zendframework/zf2#2593
• 3006: Hotfix for #2497
• 3007: Fix for issue 3001 Zend\Db\Sql\Predicate\Between fails with min and max ...
• 3008: Hotfix for #2482
• 3009: Hotfix for #2451
• 3013: Solved Issue 2857
• 3025: Removing the separator between the hidden and the visible inputs. As the...
• 3027: Reduced #calls of plugin() in PhpRenderer using a cache mechanism
• 3029: Fixed the pre-commit script, missed the fix command
• 3030: Mark module as loaded before trigginer EVENT_LOAD_MODULE
• 3031: Zend\Db\Sql Fix for Insert's Merge and Set capabilities with simlar keys

Thank You!

Many thanks to all contributors to this release!

Reminder

Maintenance releases happen monthly on the third Wednesday. Additionally, we have the next minor release, 2.1.0, slated for sometime next month.