ZF2014-01: Potential XXE/XEE attacks using PHP functions:
xml_parse. A new component,
Zend_Xml, was introduced to mitigate XML eXternal Entity and XML Entity
Expansion vectors that are present in older versions of libxml2 and/or PHP.
Components that could contain these vectors include:
If you use one or more of these components, we strongly urge that you upgrade immediately.
ZF2014-02: Potential security issue in login mechanism of
consumer. Using the Consumer component in conjunction with a malicious OpenID
provider, one could login to a service using an arbitrary OpenID Identity
without requiring credentials, allowing impersonation of an OpenID Identity.
If you use this component, we strongly urge that you upgrade immediately.