Zend Framework 1.12.16 (2015-09-15)
Zend_Cloud
, Zend_Search_Lucene
, and Zend_Service_WindowsAzure
were creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002).