The Zend Framework community is pleased to announce the immediate availability of:
Zend Framework 1.12.4
Zend Framework 2.1.6
Zend Framework 2.2.6
While these are scheduled maintenance releases, they also contain important security fixes; we strongly encourage users to upgrade.
Two new security advisories have been made:
For more information, follow the links above; if you use any of the components affected, please upgrade as soon as possible.
This is the first maintenance release in almost a year on the 1.12 series, and contains fixes too numerous to list. Among some of the more important ones, however:
Many thanks to all the contributors who helped polish ZF1, including both Frank Brückner and Adam Lundrigan, who provided a ton of patches and feedback, and to Rob Allen, our release manager, for shepherding in contributions!
2.1.6 is a security release only, and issued to provide fixes for ZF2014-01.
2.2.6 is both a security and maintenance release. It addresses specifically ZF2014-01. Additionally, more than 100 patches were contributed to this release.
For the complete list of changes, read the changelog.
We have released a new component, ZendXml, to help PHP developers mitigate XXE and XEE vectors in their own code. We highly recommend using it if you ware working with XML. It is available via Composer, as well as via our packages site.
The following components were updated, to the versions specified, to mitigate security issues.
As always, I'd like to thank the many contributors who made these releases possible! The project is gaining in consistency and capabilities daily as a result of your efforts.
We plan to ship version 2.3.0 sometime next week (week of 10 March 2014). We will likely adopt a semi-monthly maintenance release schedule thereafter.
Subscribe to this blog via RSS.