Hello Feln, It will be in 1.12 which is in RC.
Regards, Mike On Aug 20, 2012 11:06 PM, "FeIn" <aci...@gmail.com> wrote: > Hi, > > I can't find the EventManager, I was under the impression that it will > be backported from ZF 2.0 into the 1.11.13 version. Can you please > point me to it? > > On Tue, Aug 21, 2012 at 1:14 AM, Matthew Weier O'Phinney > <matt...@zend.com> wrote: > > The download URL was incorrect -- correct URL is > > > > http://framework.zend.com/download/latest > > > > -- Matthew Weier O'Phinney <matt...@zend.com> wrote > > (on Monday, 20 August 2012, 04:21 PM -0500): > >> The Zend Framework community announces the immediate availability of > >> both 1.11.13 and 1.12.0rc4. > >> > >> Downloads for both versions are available at: > >> > >> http://framework.zend.com/downloads/latest > >> > >> > >> SECURITY NOTICE FOR 1.11.13 AND 1.12.0RC4 > >> ----------------------------------------- > >> > >> Several components were found to contain additional XML eXternal Entity > >> (XXE) injection vulnerabilities (in addition to the XML-RPC component > >> patched in 1.11.12). Additionally, we identified several potential XML > >> Entity Expansion (XEE) vectors. XEE attacks occur when the XML doctype > >> declaration contains XML entity definitions; these attacks usually > result > >> in recursion, which consumes CPU and memory resources, making Denial of > >> Service (DoS) attacks easier to implement. > >> > >> The patches in 1.11.13 and 1.12.0rc4 close both XXE and XEE > >> vulnerabilities found in the framework. The former are mitigated by > >> ensuring libxml_disable_entity_loader is called before any SimpleXML > >> calls are executed; the latter are mitigated by looping through the > >> DOMDocument instance and checking for XML_DOCUMENT_TYPE_NODE children, > >> raising an exception if any are found (in cases where SimpleXML is used, > >> loading the XML via DOMDocument first, and then passing the object to > >> simplexml_import_dom). > >> > >> The following components were patched: > >> > >> - Zend_Dom > >> - Zend_Feed > >> - Zend_Soap > >> - Zend_XmlRpc > >> > >> Thanks goes to Pádraic Brady for identifying and patching these vectors. > >> > >> If you are using any of the above components, we highly recommend > >> upgrading to 1.11.13 or later immediately. > >> > >> -- > >> Matthew Weier O'Phinney > >> Project Lead | matt...@zend.com > >> Zend Framework | http://framework.zend.com/ > >> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc > >> > > > > -- > > Matthew Weier O'Phinney > > Project Lead | matt...@zend.com > > Zend Framework | http://framework.zend.com/ > > PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc >
