Thanks

On Tue, Aug 21, 2012 at 7:10 AM, Mike Willbanks <[email protected]> wrote:
> Hello Feln,
>
> It will be in 1.12 which is in RC.
>
> Regards,
>
> Mike
>
> On Aug 20, 2012 11:06 PM, "FeIn" <[email protected]> wrote:
>>
>> Hi,
>>
>> I can't find the EventManager, I was under the impression that it will
>> be backported from ZF 2.0 into the 1.11.13 version. Can you please
>> point me to it?
>>
>> On Tue, Aug 21, 2012 at 1:14 AM, Matthew Weier O'Phinney
>> <[email protected]> wrote:
>> > The download URL was incorrect -- correct URL is
>> >
>> > http://framework.zend.com/download/latest
>> >
>> > -- Matthew Weier O'Phinney <[email protected]> wrote
>> > (on Monday, 20 August 2012, 04:21 PM -0500):
>> >> The Zend Framework community announces the immediate availability of
>> >> both 1.11.13 and 1.12.0rc4.
>> >>
>> >> Downloads for both versions are available at:
>> >>
>> >> http://framework.zend.com/downloads/latest
>> >>
>> >>
>> >> SECURITY NOTICE FOR 1.11.13 AND 1.12.0RC4
>> >> -----------------------------------------
>> >>
>> >> Several components were found to contain additional XML eXternal Entity
>> >> (XXE) injection vulnerabilities (in addition to the XML-RPC component
>> >> patched in 1.11.12). Additionally, we identified several potential XML
>> >> Entity Expansion (XEE) vectors. XEE attacks occur when the XML doctype
>> >> declaration contains XML entity definitions; these attacks usually result
>> >> in recursion, which consumes CPU and memory resources, making Denial of
>> >> Service (DoS) attacks easier to implement.
>> >>
>> >> The patches in 1.11.13 and 1.12.0rc4 close both XXE and XEE
>> >> vulnerabilities found in the framework. The former are mitigated by
>> >> ensuring libxml_disable_entity_loader is called before any SimpleXML
>> >> calls are executed; the latter are mitigated by looping through the
>> >> DOMDocument instance and checking for XML_DOCUMENT_TYPE_NODE children,
>> >> raising an exception if any are found (in cases where SimpleXML is used,
>> >> loading the XML via DOMDocument first, and then passing the object to
>> >> simplexml_import_dom).
>> >>
>> >> The following components were patched:
>> >>
>> >> - Zend_Dom
>> >> - Zend_Feed
>> >> - Zend_Soap
>> >> - Zend_XmlRpc
>> >>
>> >> Thanks goes to Pádraic Brady for identifying and patching these vectors.
>> >>
>> >> If you are using any of the above components, we highly recommend
>> >> upgrading to 1.11.13 or later immediately.
>> >>
>> >> --
>> >> Matthew Weier O'Phinney
>> >> Project Lead | [email protected]
>> >> Zend Framework | http://framework.zend.com/
>> >> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>> >>
>> >
>> > --
>> > Matthew Weier O'Phinney
>> > Project Lead | [email protected]
>> > Zend Framework | http://framework.zend.com/
>> > PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
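The two mitigations described in the security notice above, written out as an added PHP example; it is not part of the original thread and is not Zend Framework's own patch. The function name `loadUntrustedXml` and the sample documents are constructed for illustration, and the PHP 8 version guard is an addition beyond what the notice covers.

```php
<?php
// Added example: hypothetical helper, not Zend Framework code.
function loadUntrustedXml(string $xml): SimpleXMLElement
{
    // XXE: disable the external entity loader before any parsing.
    // The function is deprecated from PHP 8.0, where external entity
    // loading is already off by default, so it is only called before that.
    $previousLoader = null;
    if (PHP_VERSION_ID < 80000) {
        $previousLoader = libxml_disable_entity_loader(true);
    }
    $previousErrors = libxml_use_internal_errors(true);

    try {
        // Parse with DOMDocument first; LIBXML_NOENT and LIBXML_DTDLOAD
        // are deliberately not passed, LIBXML_NONET blocks network fetches.
        $dom = new DOMDocument();
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML');
        }

        // XEE: reject any document that carries a DOCTYPE, since that is
        // where entity definitions live.
        foreach ($dom->childNodes as $child) {
            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                throw new InvalidArgumentException('DOCTYPE is not allowed');
            }
        }

        // Only now hand the vetted tree to SimpleXML.
        $sx = simplexml_import_dom($dom);
        if (!$sx instanceof SimpleXMLElement) {
            throw new InvalidArgumentException('Could not import document');
        }
        return $sx;
    } finally {
        // Restore global libxml state for the rest of the application.
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);
        if ($previousLoader !== null) {
            libxml_disable_entity_loader($previousLoader);
        }
    }
}

// Constructed sample inputs: one plain document, one declaring an entity.
$plain = '<feed><title>ok</title></feed>';
$withDoctype = '<!DOCTYPE feed [<!ENTITY a "x">]><feed><title>&a;</title></feed>';

echo loadUntrustedXml($plain)->title, PHP_EOL;
try {
    loadUntrustedXml($withDoctype);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```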
