
Padraic Brady's Blog:
Zend Framework Security Related Releases Now Available
January 13, 2010 @ 07:08:34

In a recent post to his blog, Padraic Brady looks at the Zend Framework security releases made the other day (versions 1.9.7, 1.8.5 and 1.7.9), which correct a number of security issues in each release. For those who are curious, you can find the full list of fixes here.

While an ongoing process, the initial [security] review focused on specific areas most likely to deal directly or indirectly with user input and the output of user sourced data. [...] The review also included an examination of all new components due to enter service with Zend Framework 1.10. This yielded a number of issues whose fixes will preempt their release into a stable version, and have been reported to the relevant lead developers.

Padraic mentions some of the things that were found and corrected in these security releases, including the enforcement of a default character set throughout the framework (with new functions to help keep your data consistent) and several potential XSS vulnerabilities in components like Zend_Json, Zend_Dojo_View_Helper_Editor and Zend_Filter_StripTags.



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework