--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2016-42cb1b4ac8
2016-06-29 11:12:49.632530
--------------------------------------------------------------------------------

Name        : php-ZendFramework2
Product     : Fedora EPEL 6
Version     : 2.2.10
Release     : 1.el6
URL         : http://framework.zend.com
Summary     : Zend Framework 2
Description :
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures.

Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework with over 15 million downloads.
Note: This meta package installs all base Zend Framework component packages (Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db, Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n, InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager, Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar, Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text, Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and Cache-memcached packages.

--------------------------------------------------------------------------------
Update Information:

## 2.2.10 (2015-02-18)

### SECURITY UPDATES

- **ZF2015-02:** `Zend\Db\Adapter\Platform\Postgresql` was incorrectly using `\` to escape double quotes in identifiers and values, which could lead to SQL injection vectors. We have provided patches that use proper escaping. If you use Postgresql with Zend Framework 2, we recommend upgrading immediately.

## 2.2.9 (2015-01-14)

### SECURITY UPDATES

- **ZF2015-01:** Session validators were not run if set before session start. Essentially, the validators were writing to the `$_SESSION` superglobal before session start, which meant the data was overwritten once the session began. This meant on subsequent calls, the validators had no data to compare against, making the sessions automatically valid. We have provided patches to ensure that validators are run only after the session has begun, which will ensure they validate sessions correctly going forward. If you use `Zend\Session` validators, we recommend upgrading immediately.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1343989 - [epel6][security] php-ZendFramework2-2.2.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1343989
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs. Use su -c 'yum update php-ZendFramework2' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org
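
Added example, not part of the advisory and not Zend Framework code: the ZF2015-02 identifier-quoting problem described under Update Information, shown with hypothetical helpers and a minimal reader that follows PostgreSQL's rule for quoted identifiers (an embedded double quote is written twice; backslash has no special meaning). The function names and the sample name are constructed for illustration, and the script assumes PHP 7.1 or later.

```php
<?php
// Added illustration; these helpers are hypothetical and are not Zend Framework code.

// Weak form described in ZF2015-02: a backslash placed before each double quote.
function quoteIdentifierBackslash(string $name): string
{
    return '"' . str_replace('"', '\\"', $name) . '"';
}

// PostgreSQL rule: a double quote inside a quoted identifier is written twice.
function quoteIdentifierDoubled(string $name): string
{
    return '"' . str_replace('"', '""', $name) . '"';
}

// Minimal reader for one quoted identifier, following PostgreSQL's lexical rule:
// backslash is an ordinary character, and a lone double quote ends the identifier.
// Returns [decoded identifier, text left over after the closing quote].
function readQuotedIdentifier(string $sql): array
{
    if ($sql === '' || $sql[0] !== '"') {
        throw new InvalidArgumentException('expected an opening double quote');
    }
    $name = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {
        if ($sql[$i] !== '"') {
            $name .= $sql[$i];
        } elseif ($i + 1 < $len && $sql[$i + 1] === '"') {
            $name .= '"';   // doubled quote decodes to one literal quote
            $i++;
        } else {
            return [$name, (string) substr($sql, $i + 1)];
        }
    }
    throw new InvalidArgumentException('unterminated quoted identifier');
}

$input = 'order"id';  // constructed sample: a name containing one double quote

foreach (['quoteIdentifierBackslash', 'quoteIdentifierDoubled'] as $quote) {
    $quoted = $quote($input);
    [$name, $rest] = readQuotedIdentifier($quoted);
    $ok = ($name === $input && $rest === '') ? 'yes' : 'NO';
    printf("%-26s quoted=%-14s name=%-10s leftover=%-6s round-trip=%s\n",
        $quote, $quoted, $name, var_export($rest, true), $ok);
}
```

With the backslash form the reader ends the identifier at the embedded quote and reports leftover text, while the doubled form reads back as the original name with nothing left over.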