The Zend Framework team has been notified of a potential Local File Inclusion (LFI) attack vector in Zend_View's render() method. To address the issue, as of the 1.7.5 release the render() method no longer accepts paths that include parent directory traversal (e.g., "../" and "..\") in the path argument. This introduces a regression in behavior which can be addressed by turning off the lfiProtectionOn flag. For more information, see:
http://framework.zend.com/manual/en/zend.view.migration.html If this advisory does not affect your applications, please disregard. We take security very seriously and will continue to notify all users when a security fault is discovered. Thank you. ,Wil