Zend Framework 2.4.11 Released!

2016-12-20 | By: Matthew Weier O'Phinney

The Zend Framework community is pleased to announce the immediate availability of Zend Framework 2.4.11. You can download it from the Zend Framework site:

• http://framework.zend.com/downloads/latest

This is a Long Term Support release.

Security Fix

This release contains a fix for a potential remote code execution vulnerability when using the Zend\Mail\Transport\Sendmail transport adapter. Prior to this release, a maliciously crafted local address portion of a From address could potentially inject arguments to the system sendmail binary. This release provides detection of such addresses, and prevents attempts to send them.

For more information, please read the ZF2016-04 advisory.

The patch is provided against:

• Zend Framework 2.4.11
• zend-mail 2.4.11 and 2.7.2

Zend Framework 2.5 and 3.0 users who update via Composer will receive the zend-mail 2.7.2 version.

Long Term Support

As a reminder, the 2.4 series is our current Long Term Support release, and will receive security and critical bug fixes until 31 March 2018.

You can opt-in to the LTS version by pinning your zendframework/zendframework Composer requirement to the version ~2.4.0.

Visit our Long Term Support information page for more information.

SHARE:

Share

Subscribe

Subscribe to this blog via RSS.

Recent Posts

• Protecting passwords with Argon2 in PHP 7.2

  2017-08-17

• REST Representations for Expressive

  2017-08-08

• Apigility on Expressive Update for 2017-07-13

  2017-07-13

• Convert objects to arrays and back with zend-hydrator

  2017-06-21

• Validate data using zend-inputfilter

  2017-06-15

• Validate input using zend-validator

  2017-06-13

• Filter input using zend-filter

  2017-06-08

• Zend Framework and PHP 7.1

  2017-06-06

• Leverage Zend Component Plugin Managers in Expressive

  2017-05-18

• Context-specific escaping with zend-escaper

  2017-05-16