Zend Framework 2.3.6 (2015-03-12)
Zend\Validator\Csrf was incorrectly testing null or improperly formatted token identifiers, allowing them to pass validation. This release provides patches to correct the behavior. If you use the validator, or the corresponding Zend\Form\Element\Csrf, we recommend upgrading immediately.