--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2016-42cb1b4ac8
2016-06-29 11:12:49.632530
--------------------------------------------------------------------------------
Name : php-ZendFramework2
Product : Fedora EPEL 6
Version : 2.2.10
Release : 1.el6
URL : http://framework.zend.com
Summary : Zend Framework 2
Description :
Zend Framework 2 is an open source framework for developing web applications
and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code
and utilizes most of the new features of PHP 5.3, namely namespaces, late
static binding, lambda functions and closures.
Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework
with over 15 million downloads.
Note: This meta package installs all base Zend Framework component packages
(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,
Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,
InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,
Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,
Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,
Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and
Cache-memcached packages.
--------------------------------------------------------------------------------
Update Information:
## 2.2.10 (2015-02-18)

### SECURITY UPDATES

- **ZF2015-02:** `Zend\Db\Adapter\Platform\Postgresql` was incorrectly using
  `\\` to escape double quotes in identifiers and values, which could lead to
  SQL injection vectors. We have provided patches that use proper escaping. If
  you use Postgresql with Zend Framework 2, we recommend upgrading immediately.

## 2.2.9 (2015-01-14)

### SECURITY UPDATES

- **ZF2015-01:** Session validators were not run if set before session start.
  Essentially, the validators were writing to the `$_SESSION` superglobal
  before session start, which meant the data was overwritten once the session
  began. This meant on subsequent calls, the validators had no data to compare
  against, making the sessions automatically valid. We have provided patches
  to ensure that validators are run only after the session has begun, which
  will ensure they validate sessions correctly going forward. If you use
  `Zend\Session` validators, we recommend upgrading immediately.
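
Added example (not Zend Framework's code and not part of the upstream changelog) for the ZF2015-02 item above: it contrasts backslash escaping with the quote doubling PostgreSQL expects inside a quoted identifier, using a small scanner to show where the identifier ends in each case. The function names and the sample column name are hypothetical, and the example covers identifiers only.

```php
<?php
// Added example: all names here are hypothetical, not Zend Framework's API.

// Flawed approach described in ZF2015-02: backslash-escape the double quote.
function quoteIdentifierBackslash(string $name): string
{
    return '"' . str_replace('"', '\\"', $name) . '"';
}

// PostgreSQL's rule: a double quote inside a quoted identifier is doubled.
function quoteIdentifierDoubled(string $name): string
{
    return '"' . str_replace('"', '""', $name) . '"';
}

// Minimal scanner for one PostgreSQL quoted identifier at the start of $sql.
// Returns [decoded name, remaining text], or null if no complete identifier.
// Backslash has no special meaning here; only "" encodes a literal quote.
function scanQuotedIdentifier(string $sql): ?array
{
    if ($sql === '' || $sql[0] !== '"') {
        return null;
    }
    $name = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {
        if ($sql[$i] !== '"') {
            $name .= $sql[$i];
        } elseif ($i + 1 < $len && $sql[$i + 1] === '"') {
            $name .= '"';   // doubled quote: literal, still inside identifier
            $i++;
        } else {
            return [$name, (string) substr($sql, $i + 1)];   // closing quote
        }
    }
    return null;   // unterminated identifier
}

// Constructed sample input: a column name containing one double quote.
$input = 'unit"price';

foreach (['quoteIdentifierBackslash', 'quoteIdentifierDoubled'] as $fn) {
    $quoted = $fn($input);
    [$name, $rest] = scanQuotedIdentifier($quoted) ?? [null, null];
    // "safe" means the server would read back exactly the name we passed in,
    // with nothing left over to be parsed as further SQL.
    printf("%-26s %-16s name=%s leftover=%s safe=%s\n", $fn, $quoted,
        var_export($name, true), var_export($rest, true),
        var_export($name === $input && $rest === '', true));
}
```

With the backslash variant the scanner closes the identifier at the embedded quote and the rest of the input is left outside it; with doubling the whole name round-trips and nothing is left over.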
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343989 - [epel6][security] php-ZendFramework2-2.2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343989
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-ZendFramework2' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------