We have just released the following Zend Framework versions: - 1.12.9 - 2.2.8 - 2.3.3
These are security releases. The relevant advisories are: - http://framework.zend.com/security/advisory/ZF2014-05 - Anonymous authentication in ldap_bind() function of PHP, using null byte - http://framework.zend.com/security/advisory/ZF2014-06 - SQL injection vector when manually quoting values for sqlsrv extension, using null byte If you use the LDAP extension or the sqlsrv extension, we recommend upgrading immediately. For more details on the release: - http://framework.zend.com/blog/zend-framework-1-12-9-2-2-8-and-2-3-3-released.html -- Matthew Weier O'Phinney Principal Engineer Project Lead, Zend Framework and Apigility [email protected] http://framework.zend.com http://apigility.org PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc -- List: [email protected] Info: http://framework.zend.com/archives Unsubscribe: [email protected]
