* Bradley Holt [mailto:bradley.h...@foundline.com]
> *Sent:* Friday, March 20, 2009 12:22 PM
> *To:* Wil Sinclair
> *Cc:* fw-general@lists.zend.com
> *Subject:* Re: [fw-general] SECURITY ADVISORY
>
>
>
> Wil,
>
> We have one project that is running on a client's RHEL
Wil,
We have one project that is running on a client's RHEL server and are using ZF
1.6.2 due to compatibility issues. I see that these fixes have been backported
t
Just switch your svn:externals to the branch. Thus you will also get
future security-fixes (if any). New tags will not be created for the old
branches.
...
Wil,
We have one project that is running on a client's RHEL server and are using
ZF 1.6.2 due to compatibility issues. I see that these fixes have been
backported to the release-1.6 branch but no new tag was created (the last
tag in 1.6 is 1.6.2 last updated on 10/12/2008). Wouldn't it be appropri
The Zend Framework team was recently notified of an XSS attack vector in
its Zend_Filter_StripTags class. Zend_Filter_StripTags offers the
ability to strip HTML tags from text, but also to selectively choose
which tags and specific attributes of those tags to keep.
The XSS attack vector was due
Hello,
I've got to put the flag (to "false") into bootstrap because I've a lot of
forms with " array('viewScript' => '../helpers/edit.phtml'," and I'm in a
hurry to deliver the app to production stage. I'm sure this is a bad
practice (? or can I leave it so...).
On the other hand, I'm reading about
The Zend Framework team has been notified of a potential Local File
Inclusion (LFI) attack vector in Zend_View's render() method. To address
the issue, as of the 1.7.5 release the render() method no longer accepts
paths that include parent directory traversal (e.g., "../" and "..\") in
the path arg