We've just released Zend Framework 1.12.13! - http://framework.zend.com/downloads/latest#ZF1
This release contains a fix for a regression introduced when patching the message splitting vulnerability (ZF2015-04 - see http://framework.zend.com/security/advisory/ZF2015-04) in version 1.12.12; the patch was too strict, and did not allow integers or floats for header values, breaking headers such as Content-Length. Version 1.12.13 fixes these situations specifically, ensuring both the security model introduced in 1.12.12 while providing leniency for these safe values. If you use Zend_Http, or a component that depends on it (Zend_OpenId, Zend_Oauth, the Zend_Service components, Zend_XmlRpc, etc.), we highly recommend upgrading immediately. -- Matthew Weier O'Phinney Principal Engineer Project Lead, Zend Framework and Apigility [email protected] http://framework.zend.com http://apigility.org PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc -- List: [email protected] Info: http://framework.zend.com/archives Unsubscribe: [email protected]
