|
|
@@ -13,6 +13,14 @@ Released on MMMMM DD, YYYY.
|
|
|
IMPORTANT FIXES FOR 1.12.9
|
|
|
--------------------------
|
|
|
|
|
|
+**This release contains security updates:**
|
|
|
+
|
|
|
+- **ZF2014-06** `Zend_Db_Adapter_Sqlsrv` had a potential SQL injection
|
|
|
+ vulnerability via improperly quoted null bytes. The code has been updated to
|
|
|
+ ensure proper quoting and thus remove the security vector. If you are using
|
|
|
+ `Zend_Db_Adapter_Sqlsrv` and manually quoting values via the adapter, we
|
|
|
+ encourage you to upgrade immediately.
|
|
|
+
|
|
|
See http://framework.zend.com/changelog for full details.
|
|
|
|
|
|
NEW FEATURES
|
Matthew Weier O'Phinney