Tags: vicular/zf2
Tags
Zend Framework 2.4.8 - [zend-validator/25: validate against DateTimeImmutable instead of DateTimeInterface](zendframework/zend-validator#25) - [zend-validator/35: treat 0.0 as non-empty, restoring pre-2.4 behavior](zendframework/zend-validator#35) - [zend-inputfilter/26: deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment](zendframework/zend-inputfilter#26) - [zend-inputfilter/22: ensure fallback values work as per pre-2.4 behavior](zendframework/zend-inputfilter#22) - [zend-inputfilter/31: update the InputFilterInterface::add() docblock to match implementations](zendframework/zend-inputfilter#31) - [zend-inputfilter/25: Fix how missing optoinal fields are validated to match pre 2.4.0 behavior](zendframework/zend-inputfilter#26) - [zend-form/12: deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26](zendframework/zend-form#12) - [zend-form/9: fix typos in aria attribute names of AbstractHelper](zendframework/zend-form#9) - [zend-mail/26: fixes the ContentType header to properly handle encoded parameter values](zendframework/zend-mail#26) - [zend-mail/11: fixes the Sender header to allow mailbox addresses without TLDs](zendframework/zend-mail#11) - [zend-mail/24: fixes parsing of messages that contain an initial blank line before headers](zendframework/zend-mail#24) - [zend-http/23: fixes the SetCookie header to allow multiline values (as they are always encoded)](zendframework/zend-http#23) - [zend-mvc/27: fixes DefaultRenderingStrategy errors due to controllers returning non-view model results](zendframework/zend-mvc#27) SECURITY UPDATES ---------------- - **ZF2015-07**: The filesystem storage adapter of `Zend\Cache` was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002).
Zend Framework 2.4.7 - [15: validateInputs must allow ArrayAccess for $data](zendframework/zend-inputfilter#15)
Zend Framework 2.5.2 SECURITY UPDATES ---------------- - **ZF2015-06**: `ZendXml` runs a heuristic detection for XML Entity Expansion and XML eXternal Entity vectors when under php-fpm, due to issues with threading in libxml preventing using that library's built-in mechanisms for disabling them. However, the heuristic was determined to be faulty when multibyte encodings are used for the XML. This release contains a patch to ensure that the heuristic will work with multibyte encodings. If you use Zend Framework components that utilize DOMDocument or SimpleXML (which includes `Zend\XmlRpc`, `Zend\Soap`, `Zend\Feed`, and several others), and deploy using php-fpm in production (or plan to), we recommend upgrading immediately.
Zend Framework 2.4.6 - [10: Take fallback value into account during input filter validation](zendframework/zend-inputfilter#10) SECURITY UPDATES ---------------- - **ZF2015-06**: `ZendXml` runs a heuristic detection for XML Entity Expansion and XML eXternal Entity vectors when under php-fpm, due to issues with threading in libxml preventing using that library's built-in mechanisms for disabling them. However, the heuristic was determined to be faulty when multibyte encodings are used for the XML. This release contains a patch to ensure that the heuristic will work with multibyte encodings. If you use Zend Framework components that utilize DOMDocument or SimpleXML (which includes `Zend\XmlRpc`, `Zend\Soap`, `Zend\Feed`, and several others), and deploy using php-fpm in production (or plan to), we recommend upgrading immediately.
Zend Framework 2.4.5 - [7: Ensure Required, AllowEmpty validation combo works](zendframework/zend-inputfilter#7)
Zend Framework 2.4.4 - [zendframework#9](zendframework/zend-stdlib#9) fixes an issue with count incrementation during insert in PriorityList, ensuring that incrementation only occurs when the item inserted was not previously present in the list.
Zend Framework 2.4.3 - Use the Host port when port forwarding is detected
Zend Framework 2.5.1 - [zendframework#7571](zendframework#7571) makes `zend-ldap` an optional dependency instead of a hard dependency, as `zend-ldap` has a hard requirement on `ext-ldap`, blocking installation for many users. If you use `zend-ldap`, you will need to call `composer require zendframework/zend-ldap` after upgrading to 2.5.1.
Zend Framework 2.5.0 - [7072: Split Framework](zendframework#7072) - [7095: Drop PHP 5.3 support](zendframework#7095) - [7119: zendframework#7095 - bumping minimum PHP version requirement to 5.4.0](zendframework#7119) - [7542: &zendframework#91;WIP&zendframework#92; Make ZF2 a meta-package](zendframework#7542)
Zend Framework 2.4.2 - [7503: Mail header - boundary issue (related to ZF2015-04)](zendframework#7503) - [7506: &zendframework#91;mail&zendframework#92; Fix set UTF-8 values to headers. Fix zendframework#7501](zendframework#7506) - [7507: &zendframework#91;http&zendframework#92; Allow serialize any character on cookies](zendframework#7507) - [7510: &zendframework#91;mail/mime&zendframework#92; Fix content-type has invalid characters in field value. Fix zendframework#7503](zendframework#7510) - [7512: \Zend\Ldap\Attribute::valueFromLdap catching wrong exception](zendframework#7512) - [7513: &zendframework#91;ldap&zendframework#92; Fix exceptions while parsing are not captured.](zendframework#7513) - [7514: &zendframework#91;zendframework#7503&zendframework#92; Pass the `\r\n` sequence to Part::getHeadersAsArray()](zendframework#7514)
PreviousNext