Hi, I can't find the EventManager, I was under the impression that it will be backported from ZF 2.0 into the 1.11.13 version. Can you please point me to it?
On Tue, Aug 21, 2012 at 1:14 AM, Matthew Weier O'Phinney <[email protected]> wrote:
> The download URL was incorrect -- correct URL is
>
> http://framework.zend.com/download/latest
>
> -- Matthew Weier O'Phinney <[email protected]> wrote
> (on Monday, 20 August 2012, 04:21 PM -0500):
>> The Zend Framework community announces the immediate availability of
>> both 1.11.13 and 1.12.0rc4.
>>
>> Downloads for both versions are available at:
>>
>> http://framework.zend.com/downloads/latest
>>
>>
>> SECURITY NOTICE FOR 1.11.13 AND 1.12.0RC4
>> -----------------------------------------
>>
>> Several components were found to contain additional XML eXternal Entity
>> (XXE) injection vulnerabilities (in addition to the XML-RPC component
>> patched in 1.11.12). Additionally, we identified several potential XML
>> Entity Expansion (XEE) vectors. XEE attacks occur when the XML doctype
>> declaration contains XML entity definitions; these attacks usually result
>> in recursion, which consumes CPU and memory resources, making Denial of
>> Service (DoS) attacks easier to implement.
>>
>> The patches in 1.11.13 and 1.12.0rc4 close both XXE and XEE
>> vulnerabilities found in the framework. The former are mitigated by
>> ensuring libxml_disable_entity_loader is called before any SimpleXML
>> calls are executed; the latter are mitigated by looping through the
>> DOMDocument instance and checking for XML_DOCUMENT_TYPE_NODE children,
>> raising an exception if any are found (in cases where SimpleXML is used,
>> loading the XML via DOMDocument first, and then passing the object to
>> simplexml_import_dom).
>>
>> The following components were patched:
>>
>> - Zend_Dom
>> - Zend_Feed
>> - Zend_Soap
>> - Zend_XmlRpc
>>
>> Thanks goes to Pádraic Brady for identifying and patching these vectors.
>>
>> If you are using any of the above components, we highly recommend
>> upgrading to 1.11.13 or later immediately.
>>
>> --
>> Matthew Weier O'Phinney
>> Project Lead | [email protected]
>> Zend Framework | http://framework.zend.com/
>> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>>
>
> --
> Matthew Weier O'Phinney
> Project Lead | [email protected]
> Zend Framework | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [email protected]
Info: http://framework.zend.com/archives
Unsubscribe: [email protected]
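
The two mitigations described in the quoted security notice, as an added example that is not part of the original messages and is not Zend Framework's own code: the entity loader is disabled, the XML is loaded through DOMDocument, any XML_DOCUMENT_TYPE_NODE child raises an exception, and only then is the document passed to simplexml_import_dom. The function name loadXmlRejectingDoctype and the sample documents are assumptions made up for this illustration.

```php
<?php
// Added example: hypothetical helper, not Zend Framework's own code.

function loadXmlRejectingDoctype(string $xml): SimpleXMLElement
{
    // libxml_disable_entity_loader() is deprecated as of PHP 8.0, where
    // external entity loading is off by default, so call it on older PHP only.
    $legacy = PHP_VERSION_ID < 80000;
    $previousLoader = $legacy ? libxml_disable_entity_loader(true) : null;
    $previousErrors = libxml_use_internal_errors(true);
    try {
        $dom = new DOMDocument();
        // LIBXML_NONET forbids network access; LIBXML_NOENT is deliberately
        // not set, so entity references are not substituted while parsing.
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            throw new RuntimeException('Malformed XML');
        }
        // XEE mitigation: reject any document carrying a DOCTYPE.
        foreach ($dom->childNodes as $child) {
            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                throw new RuntimeException('DOCTYPE is not allowed in XML input');
            }
        }
        $element = simplexml_import_dom($dom);
        if (!$element instanceof SimpleXMLElement) {
            throw new RuntimeException('Could not import DOM into SimpleXML');
        }
        return $element;
    } finally {
        // Restore the caller's libxml state whatever happened above.
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);
        if ($legacy) {
            libxml_disable_entity_loader($previousLoader);
        }
    }
}

// Constructed sample inputs: a plain feed and one that declares an entity.
$samples = [
    'plain'   => '<feed><title>Release notes</title></feed>',
    'doctype' => '<!DOCTYPE feed [<!ENTITY name "value">]><feed><title>&name;</title></feed>',
];
foreach ($samples as $label => $xml) {
    try {
        echo $label, ': accepted, title = ', loadXmlRejectingDoctype($xml)->title, PHP_EOL;
    } catch (RuntimeException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```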
