Home Explore Help
Sign In
boarspring
/
repo_zf1Php7
forked from boarspring/repo_zf1
2
0
Fork 0
Files
Browse Source

[1.12.4] Release readiness

- Added security announcements to README
- Updated `Zend_Version::VERSION`
Matthew Weier O'Phinney 12 years ago
parent
d4bc1e0921
commit
fc335da6fb
2 changed files with 46 additions and 3 deletions
Split View Show Diff Stats
  1. 45 2
      README.md
  2. 1 1
      library/Zend/Version.php

+ 45 - 2
README.md
View File 

@@ -7,12 +7,55 @@ Master: [![Build Status](https://api.travis-ci.org/zendframework/zf1.png?branch=
 
 RELEASE INFORMATION
 
 ===================
 
 
-Zend Framework 1.12.4dev Release ([INSERT REV NUM HERE]).
 
-Released on <Month> <Day>, <Year>.
 
+Zend Framework 1.12.4 Release.
 
+Released on March 06, 2014.
 
+
 
+SECURITY FIXES FOR 1.12.4
 
+-------------------------
 
+
 
+- **ZF2014-01:** Potential XXE/XEE attacks using PHP functions:
 
+  `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`. A new component,
 
+  `Zend_Xml`, was introduced to mitigate XML eXternal Entity and XML Entity
 
+  Expansion vectors that are present in older versions of libxml2 and/or PHP.
 
+  Components that could contain these vectors include:
 
+
 
+    - `Zend_Amf`
 
+    - `Zend_Config`
 
+    - `Zend_Dom`
 
+    - `Zend_Feed`
 
+    - `Zend_Gdata`
 
+    - `Zend_Json`
 
+    - `Zend_Locale`
 
+    - `Zend_Mobile_Push`
 
+    - `Zend_Rest_Client`
 
+    - `Zend_Search_Lucene`
 
+    - `Zend_Serializer_Adapter_Wddx`
 
+    - `Zend_Service_Amazon`
 
+    - `Zend_Service_AudioScrobbler`
 
+    - `Zend_Service_Delicious`
 
+    - `Zend_Service_Ebay`
 
+    - `Zend_Service_Flickr`
 
+    - `Zend_Service_SlideShare`
 
+    - `Zend_Service_SqlAzure`
 
+    - `Zend_Service_Technorati`
 
+    - `Zend_Service_WindowsAzure`
 
+    - `Zend_Service_Yahoo`
 
+    - `Zend_Soap`
 
+    - `Zend_Translate`
 
+
 
+  If you use one or more of these components, we strongly urge that you upgrade
 
+  immediately.
 
+
 
+- **ZF2014-02:** Potential security issue in login mechanism of `Zend_OpenId`
 
+  consumer. Using the Consumer component in conjunction with a malicious OpenID
 
+  provider, one could login to a service using an arbitrary OpenID Identity
 
+  without requiring credentials, allowing impersonation of an OpenID Identity.
 
+  If you use this component, we strongly urge that you upgrade immediately.
 
 
 IMPORTANT FIXES FOR 1.12.4
 
 --------------------------
 
 
+
 
 - [#221](https://github.com/zendframework/zf1/pull/221) removes the TinySrc view
 
   helper, as the TinySrc service no longer exists.
 
 - [#222](https://github.com/zendframework/zf1/pull/222) removes the InfoCard

+ 1 - 1
library/Zend/Version.php
View File 

@@ -32,7 +32,7 @@ final class Zend_Version
 
     /**
 
      * Zend Framework version identification - see compareVersion()
 
      */
 
-    const VERSION = '1.12.4dev';
 
+    const VERSION = '1.12.4';
 
 
     /**
 
      * The latest stable version Zend Framework available