release-2.3.6
SECURITY UPDATES ---------------- - **ZF2015-03** `Zend\Validator\Csrf` was incorrectly testing null or improperly formatted token identifiers, allowing them to pass validation. This release provides patches to correct the behavior. If you use the validator, or the corresponding `Zend\Form\Element\Csrf`, we recommend upgrading immediately.