The security fix broke our JavaScript templates that contained form
elements. :-(
All the curly braces in attributes are being converted to HTML entities, so
our string replace calls aren't finding the braces anymore. Is there a way
to easily get the old behaviour?

Cheers,
David




On Wed, Apr 16, 2014 at 6:16 AM, Matthew Weier O'Phinney
<matt...@zend.com> wrote:

> We've just pushed out several new releases:
>
> - Zend Framework 1.12.6: This fixes a BC break with regards to a
> number of Locales that was introduced in 1.12.4; you can read about it
> at http://bit.ly/zf-1-12-6
>
> - Zend Framework 2.2.7 and Zend Framework 2.3.1: These fix a security
> issue reported at
> http://framework.zend.com/security/advisory/ZF2014-03 - a potential
> XSS vulnerability in a number of ZF2 view helpers. Additionally, ZF
> 2.3.1 contains more than 80 bugfixes; you can read about these
> releases at http://bit.ly/zf-2-3-1
>
> If you are using ZF2, and specifically view helpers, we highly
> recommend upgrading to either 2.2.7 or 2.3.1 ASAP.
>
> Packages are available via composer, pyrus, or
> http://framework.zend.com/downloads/latest
>
> --
> Matthew Weier O'Phinney
> Project Lead            | matt...@zend.com
> Zend Framework          | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>
> --
> List: fw-general@lists.zend.com
> Info: http://framework.zend.com/archives
> Unsubscribe: fw-general-unsubscr...@lists.zend.com
>
>
>
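
An added example, not part of the original thread and not Zend Framework code: one way to leave the helpers' attribute escaping in place and adapt the client-side replacement instead, so a placeholder matches whether its braces are raw or entity-encoded. The entity forms (`&#x7B;` / `&#123;`), the `{name}` placeholder syntax, the function names and the sample templates are assumptions.

```javascript
// Added example. Assumption: placeholders look like {name}, and the escaped
// output encodes "{" and "}" as numeric entities (hex or decimal).
const OPEN = '(?:\\{|&#x0*7b;|&#0*123;)';
const CLOSE = '(?:\\}|&#x0*7d;|&#0*125;)';
const PLACEHOLDER = new RegExp(OPEN + '([A-Za-z_][A-Za-z0-9_]*)' + CLOSE, 'gi');

const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape a substituted value so it cannot close the attribute or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Replace every known placeholder, raw or entity-encoded, with its escaped
// value. Unknown placeholders are left exactly as they were found.
function fillTemplate(template, values) {
  return template.replace(PLACEHOLDER, (match, name) =>
    Object.prototype.hasOwnProperty.call(values, name)
      ? escapeHtml(values[name])
      : match);
}

// Constructed sample input: the same form element as written by hand and
// as it might look after attribute escaping on the server.
const rawTemplate = '<input name="item[{index}]" value="{label}">';
const encodedTemplate =
  '<input name="item&#x5B;&#x7B;index&#x7D;&#x5D;" value="&#x7B;label&#x7D;">';

const sampleValues = { index: 3, label: 'a "quoted" <b>' };
console.log(fillTemplate(rawTemplate, sampleValues));
console.log(fillTemplate(encodedTemplate, sampleValues));
```
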
