2.1.6 (2014-03-06)

Zend Framework 2.1.6 (2014-03-06)

  • ZF2014-01: Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse. A new component, ZendXml, was introduced to mitigate XML eXternal Entity and XML Entity Expansion vectors that are present in older versions of libxml2 and/or PHP. Zend\Json\Json::fromXml() and Zend\XmlRpc's Response and Fault classes were potentially vulnerable to these attacks. If you use either of these components, we recommend upgrading immediately.


© 2006-2017 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.