We're pleased to announce the immediate availability of: - Zend Framework 1.12.17 - Zend Framework 2.4.9
Each are available to download via: - http://framework.zend.com/downloads/latest If you are using Composer, you can update to the latest version using: - composer update These releases provide patches for 2 security vulnerabilities: - ZF2015-09 is an announcement of a security hardening patch for Zend_Captcha/Zend\Captcha's word-based CAPTCHA adapters. The patch is available in Zend Framework 1.12.7, Zend Framework 2.4.9, and zendframework/zend-captcha 2.4.9 and 2.5.2. - ZF2015-10 details an information disclosure vulnerability in Zend\Crypt\PublicKey\Rsa due to insecure padding defaults in OpenSSL and PHP when using RSA keys. A patch is available in Zend Framework 2.4.9 and zendframework/zend-crypt 2.4.9 and 2.5.2. If you use word-based CAPTCHA adapters or Zend\Crypt\PublicKey\Rsa, we advise you to upgrade immediately. -- Matthew Weier O'Phinney Principal Engineer Project Lead, Zend Framework and Apigility matt...@zend.com http://framework.zend.com http://apigility.org PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc -- List: fw-general@lists.zend.com Info: http://framework.zend.com/archives Unsubscribe: fw-general-unsubscr...@lists.zend.com