Prepare for 2.4.10

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 2.4.10 (2016-05-09)
+
+- Fix HeaderValue throwing an exception on legal characters
+
 ## 2.4.9 (2015-11-23)
 
 ### SECURITY UPDATES

README.md

@@ -11,50 +11,13 @@ Develop:
 
 ## RELEASE INFORMATION
 
-*Zend Framework 2.4.9*
+*Zend Framework 2.4.10*
 
 This is a maintenance release in the version 2.4 series.
 
-23 November 2015
-
-### UPDATES IN 2.4.9
-
-This release contains the following security fixes:
-
-- **ZF2015-09**: `Zend\Captcha\Word` generates a "word" for a CAPTCHA challenge
-  by selecting a sequence of random letters from a character set. Prior to this
-  vulnerability announcement, the selection was performed using PHP's internal
-  `array_rand()` function. This function does not generate sufficient entropy
-  due to its usage of `rand()` instead of more cryptographically secure methods
-  such as `openssl_pseudo_random_bytes()`. This could potentially lead to
-  information disclosure should an attacker be able to brute force the random
-  number generation. This release contains a patch that replaces the
-  `array_rand()` calls to use `Zend\Math\Rand::getInteger()`, which provides
-  better RNG.
-- **ZF2015-10**: `Zend\Crypt\PublicKey\Rsa\PublicKey` has a call to `openssl_public_encrypt()`
-  which used PHP's default `$padding` argument, which specifies
-  `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding
-  has a known vulnerability, the
-  [Bleichenbacher's chosen-ciphertext attack](http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5),
-  which can be used to recover an RSA private key. This release contains a patch
-  that changes the padding argument to use `OPENSSL_PKCS1_OAEP_PADDING`.
-
-  Users upgrading to this version may have issues decrypting previously stored
-  values, due to the change in padding. If this occurs, you can pass the
-  constant `OPENSSL_PKCS1_PADDING` to a new `$padding` argument in
-  `Zend\Crypt\PublicKey\Rsa::encrypt()` and `decrypt()` (though typically this
-  should only apply to the latter):
-
-  ```php
-  $decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
-  ```
-
-  where `$rsa` is an instance of `Zend\Crypt\PublicKey\Rsa`.
-
-  (The `$key` and `$mode` argument defaults are `null` and
-  `Zend\Crypt\PublicKey\Rsa::MODE_AUTO`, if you were not using them previously.)
-
-  We recommend re-encrypting any such values using the new defaults.
+09 May 2016
+
+### UPDATES IN 2.4.10
 
 Please see [CHANGELOG.md](CHANGELOG.md).
 

library/Zend/Version/Version.php

@@ -20,7 +20,7 @@ final class Version
     /**
      * Zend Framework version identification - see compareVersion()
      */
-    const VERSION = '2.4.9';
+    const VERSION = '2.4.10';
 
     /**
      * Github Service Identifier for version information is retrieved from