No one's blaming anyone for the code, it's what the response is, and
will be. Bugs will happen... but will backports? If you search the lists
you'll find numerous attempts to get a security policy discussion
started, and it never goes anywhere.
So lets get somewhere already.
How is the
Hi!
How is the project going to respond to a validator that is letting
tainted information into applications. Maybe Matthew, as architect, can
respond on what Zend is doing to address this and other security
disclosures with the framework?
It looks like a bug. Do you have some patch and