Changelog

1.12.16 (2010-05-23)

Zend Framework 1.12.16 (2015-09-15)

• 504: Cannot parse huge documents in Zend_Dom_Query
• 599: Wrong return type in DocBlock of Zend_Console_Getopt::getOption()
• 600: Undefined property $config in Zend_Http_Client_Adapter_Curl
• 604: add doccomments to Zend_Log covering its magic methods
• 606: Fix typo in Zend_Cache-Backends documentation.
• 610: Add ß (Latin small letter sharp s) to .de domain IDNA check
• 612: Zend_Validate_Hostname does not validate NTP hostnames starting with '0' character

SECURITY UPDATES

• ZF2015-07: A number of components, including Zend_Cloud, Zend_Search_Lucene, and Zend_Service_WindowsAzure were creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002).
• ZF2015-08: ZF2014-06 uncovered an issue in the sqlsrv adapter provided by the framework whereby null bytes were not filtered correctly when generating SQL. A reporter discovered the same vulnerability is present in our PDO implementation when used with pdo_dblib, and could potentially be applied to other PDO adapters. This release contains a patch to properly escape null bytes used in SQL queries across all PDO adapters shipped with the framework.

• Overview
• FAQ
• License
• Long Term Support
• Changelog