About

Changelog

2.3.4 (2015-01-14)

Zend Framework 2.3.4 (2015-01-14)

SECURITY UPDATES

  • ZF2015-01: Session validators were not run if set before session start. Essentially, the validators were writing to the $_SESSION superglobal before session start, which meant the data was overwritten once the session began. This meant on subsequent calls, the validators had no data to compare against, making the sessions automatically valid. We have provided patches to ensure that validators are run only after the session has begun, which will ensure they validate sessions correctly going forward. If you use Zend\Session validators, we recommend upgrading immediately.

Copyright

© 2006-2019 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts