Changelog

Changelog

1.12.4 (2010-05-23)

Zend Framework 1.12.4 (2014-03-06)

SECURITY FIXES FOR 1.12.4

  • ZF2014-01: Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse. A new component, Zend_Xml, was introduced to mitigate XML eXternal Entity and XML Entity Expansion vectors that are present in older versions of libxml2 and/or PHP. Components that could contain these vectors include:

    • Zend_Amf
    • Zend_Config
    • Zend_Dom
    • Zend_Feed
    • Zend_Gdata
    • Zend_Json
    • Zend_Locale
    • Zend_Mobile_Push
    • Zend_Rest_Client
    • Zend_Search_Lucene
    • Zend_Serializer_Adapter_Wddx
    • Zend_Service_Amazon
    • Zend_Service_AudioScrobbler
    • Zend_Service_Delicious
    • Zend_Service_Ebay
    • Zend_Service_Flickr
    • Zend_Service_SlideShare
    • Zend_Service_SqlAzure
    • Zend_Service_Technorati
    • Zend_Service_WindowsAzure
    • Zend_Service_Yahoo
    • Zend_Soap
    • Zend_Translate

    If you use one or more of these components, we strongly urge that you upgrade immediately.

  • ZF2014-02: Potential security issue in login mechanism of Zend_OpenId consumer. Using the Consumer component in conjunction with a malicious OpenID provider, one could login to a service using an arbitrary OpenID Identity without requiring credentials, allowing impersonation of an OpenID Identity. If you use this component, we strongly urge that you upgrade immediately.

IMPORTANT FIXES FOR 1.12.4

  • #221 removes the TinySrc view helper, as the TinySrc service no longer exists.
  • #222 removes the InfoCard component, as the CardSpace service no longer exists.
  • #271 removes the Nirvanix component, as the Nirvanix service shut down in October 2013.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts