PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PEAR Releases (03.18.2024)

Community News: Latest PEAR Releases (03.11.2024)

Community News: Latest PECL Releases (03.05.2024)

Community News: Latest PECL Releases (02.27.2024)

Community News: Latest PEAR Releases (02.26.2024)

Community News: Latest PECL Releases (02.20.2024)

Community News: Latest PECL Releases (02.13.2024)

Community News: Latest PEAR Releases (02.12.2024)

Community News: Latest PECL Releases (02.06.2024)

Community News: Latest PECL Releases (01.30.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Developer Zone:
Zend Framework 1.7.5 Released (Security Fix)

byChris Cornutt Feb 18, 2009 @ 14:48:14

As mentioned in this new post to the Zend Developer Zone, the latest version of the Zend Framework has been released - 1.7.5 - and includes an important security fix:

Besides the normal small enhancements and bug fixes that come with an incremental release such as this, there is also a rather important (and somewhat controversial) security fix that was added. This security fix breaks backwards compatibility with the previous version, because it simply must in order to exist. There is however a way to turn the security fix off to keep your current applications working in the case that this change breaks you.

Matthew Weier O'Phinny gives more detail on the issue over on his blog. The problem stems from an issue in the Zend_View's render() method and possible user input problems.

You can download this latest release from the Zend Framework website.