@@ -13,6 +13,17 @@ Released on MMMMMMMM DD, YYYY.
IMPORTANT FIXES FOR 1.12.12
---------------------------
+**This release contains security updates:**
+
+- **ZF2015-04:** `Zend_Mail` and `Zend_Http` were both susceptible to CRLF Injection
+ Attack vectors (for HTTP, this is often referred to as HTTP Response
+ Splitting). Both components were updated to perform header value validations
+ to ensure no values contain characters not detailed in their corresponding
+ specifications, and will raise exceptions on detection. Each also provides new
+ facilities for both validating and filtering header values prior to injecting
+ them into header classes. If you use either `Zend_Mail` or `Zend_Http`,
+ we recommend upgrading immediately.
+
See http://framework.zend.com/changelog for full details.
NEW FEATURES
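Review bot: The added ZF2015-04 entry says both components "will raise exceptions on detection" but does not flag this as a behaviour change for existing callers, and it does not name the "new facilities for both validating and filtering header values" or point to the advisory. Code that currently passes header values containing CR or LF characters to `Zend_Mail` or `Zend_Http` will start throwing after the upgrade, so the note should say so explicitly and either name the validation and filtering entry points or link the ZF2015-04 advisory next to the existing changelog URL, so that upgraders know what to catch and what to call before building headers. Style points in the same lines: "CRLF Injection Attack vectors" has stray capitalisation across the line wrap, and "characters not detailed in their corresponding specifications" would be clearer if it named the specifications that apply to each component. The hunk header context also still shows the release date as "MMMMMMMM DD, YYYY", which should be filled in before a security release ships.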