Overview

Request 341582 accepted

- Update to 1.12.16. Changes in this version:
  - #504: Cannot parse huge documents in Zend_Dom_Query
  - #599: Wrong return type in DocBlock of Zend_Console_Getopt::getOption()
  - #600: Undefined property $config in Zend_Http_Client_Adapter_Curl
  - #604: add doccomments to Zend_Log covering its magic methods
  - #606: Fix typo in Zend_Cache-Backends documentation.
  - #610: Add ß (Latin small letter sharp s) to .de domain IDNA check
  - #612: Zend_Validate_Hostname does not validate NTP hostnames
    starting with '0' character

  SECURITY UPDATES
  - ZF2015-07: A number of components, including Zend_Cloud, Zend_Search_Lucene,
    and Zend_Service_WindowsAzure were creating directories with a liberal
    umask that could lead to local arbitrary code execution and/or local
    privilege escalation. This release contains a patch that ensures the
    directories are created using permissions of 0775 and files using 0664
    (essentially umask 0002).
  - ZF2015-08: ZF2014-06 uncovered an issue in the sqlsrv adapter provided
    by the framework whereby null bytes were not filtered correctly when
    generating SQL. A reporter discovered the same vulnerability is present
    in our PDO implementation when used with pdo_dblib, and could potentially
    be applied to other PDO adapters. This release contains a patch to properly
    escape null bytes used in SQL queries across all PDO adapters shipped
    with the framework.

Request History
lrupp created request

aeneas_jaissle accepted request