The Zend Framework team announces the immediate availability of three
versions of Zend Framework: 1.9.7, 1.8.5, and 1.7.9. In addition to over
40 bugfixes between them, these three releases are the first releases
following announcement of our new security policy, and resolve six
security vulnerabilities reported against Zend Framework in recent
weeks. We highly recommend upgrading to the latest version of Zend
Framework.

You may download it from the Zend Framework site:

    http://framework.zend.com/download/latest

During the month of December, one of our contributors, Pádraic Brady,
performed a preliminary security audit of the framework, and worked with
the Zend Framework team to confirm the reports as well as resolve them.

The following security vulnerabilities are resolved in these releases:

 * ZF2010-06: Potential XSS or HTML Injection vector in Zend_Json
 * ZF2010-05: Potential XSS vector in Zend_Service_ReCaptcha_MailHide
 * ZF2010-04: Potential MIME-type Injection in Zend_File_Transfer
 * ZF2010-03: Potential XSS vector in Zend_Filter_StripTags when comments allowed
 * ZF2010-02: Potential XSS vector in Zend_Dojo_View_Helper_Editor
 * ZF2010-01: Potential XSS vectors due to inconsistent encodings

You can get more information on these advisories from our security page:

    http://framework.zend.com/security/advisories

For a full list of non-security-related, resolved issues, you can visit
changelogs for each release:

 * http://framework.zend.com/changelog/1.9.7
 * http://framework.zend.com/changelog/1.8.5
 * http://framework.zend.com/changelog/1.7.9

This will be the last scheduled release in the 1.9 series. We released
an alpha of 1.10.0 mid-December, and plan a beta release this week, with
the final release later in the month; keep posted for developments along
that front in the coming weeks.

I'd like to thank everyone who contributed code to this release,
including those who submitted patches, translated documentation, or
reported issues.

-- 
Matthew Weier O'Phinney
Project Lead            | [email protected]
Zend Framework          | http://framework.zend.com/
