The Zend Framework community is pleased to announce the immediate availability of Zend Framework 1.12.5!
This release fixes PHP 5.2 support for the 1.12 series. If you use PHP 5.2 with Zend Framework 1.12, we encourage you to upgrade immediately.
Yesterday's 1.12.4 release provided several security fixes around XML eXternal Entity and XML Entity Expansion attack vectors. Unfortunately, we had not reviewed our patch to consider PHP 5.2 support, and the code contained PHP closures -- which have only been available since PHP 5.3.
The code in the
Zend\Xml component was updated to remove the closures, and tests for all affected components were run to ensure they worked across PHP versions from 5.2 - 5.5.
A big thank you to those contributors who spotted the errors and provided the initial fixes, particularly Martin Hujer and Frank Brückner.
Subscribe to this blog via RSS.