Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

release-2.3.4

Zend Framework 2.3.4
- [3758: partialLoop/partial View Helper can not be nested when using setObjectKey](zendframework#3758)
- [4517: Incompatible with RecursiveIterator::hasChildren()  Zend\Navigation\AbstractContainer](zendframework#4517)
- [4960: DateTime form element weird DateInterval step!?](zendframework#4960)
- [5992: Bug fix: Removes length limit (of TLD) when validating a hostname](zendframework#5992)
- [6231: fixing http query parameters](zendframework#6231)
- [6263: Collection attempts to access `object` property on `$this->targetElement`](zendframework#6263)
- [6279: Return the text value in _ array key](zendframework#6279)
- [6298: Handle regular form elements as target elements of `Zend\Form\Element\Collection`.](zendframework#6298)
- [6312: [Zend\I18n\ php.ini setting "intl.use_exceptions" on true](zendframework#6312)
- [6324: Redis::setItems - the last item is overwritten](zendframework#6324)
- [6358: Wrong datetime format in Atom 1.0 date constructs](zendframework#6358)
- [6398: Preserve the fluent interface](zendframework#6398)
- [6435: Race Condition in Zend\Cache\Storage\Adapter\Filesystem::prepareDirectoryStructure](zendframework#6435)
- [6492: [Http\ Add body support for DELETE/OPTIONS request](zendframework#6492)
- [6518: Suggested workaround for #6263](zendframework#6518)
- [6526: [Http\ Rationalize timeout behavior between adapters](zendframework#6526)
- [6537: Mime Part class rewind fix](zendframework#6537)
- [6539: PHPCS fixes for Zend\Captcha](zendframework#6539)
- [6548: ServiceManager peering does not respect shared flag ](zendframework#6548)
- [6561: Remove old component fork origins](zendframework#6561)
- [6562: replacing array_key_exists with faster isset calls](zendframework#6562)
- [6569: Should we use constant for events in Zend\Db\TableGateway\Feature\EventFeature?](zendframework#6569)
- [6573: fixes #6435: Race Condition in filesystem cache on prepare dir structure](zendframework#6573)
- [6575: fixed #6324: Redis::setItems: the last item is overwritten](zendframework#6575)
- [6577: added missing register services at Zend\Paginator\AdapterPluginManager](zendframework#6577)
- [6585: Form Collection `No element by the name of [2\ found in form`](zendframework#6585)
- [6586: Fixes typo](zendframework#6586)
- [6594: Update classmap_generator.php](zendframework#6594)
- [6598: add try/catch around statements that execute intl_is_failure()](zendframework#6598)
- [6614: fixes #6585](zendframework#6614)
- [6625: Create Zend_Captcha.php translation for spanish.](zendframework#6625)
- [6628: added missing "JavaProperties" into Zend\Config\ReaderPluginManager and register the extension into Factory](zendframework#6628)
- [6629: Fixes CS : unused use](zendframework#6629)
- [6630: Use 2.* in require-dev zendframework/zend-escaper in Zend\Debug\composer.json](zendframework#6630)
- [6631: Added zendframework/zend-servicemanager into suggest at Zend\Permissions\Acl's composer.json](zendframework#6631)
- [6634: Allow `crossorigin` attribute in headScript](zendframework#6634)
- [6635: Allow `sizes` attribute in headLink (used with rel="icon")](zendframework#6635)
- [6636: AbstractControllerTestCase fails with multidimensional params array](zendframework#6636)
- [6637: Allow multidimensional params in AbstractControllerTestCase](zendframework#6637)
- [6643: change !is_null to $value !== null for consistency](zendframework#6643)
- [6644: The /e modifier of preg_replace() deprecated as of PHP 5.5.0](zendframework#6644)
- [6645: isValid sets up old values?](zendframework#6645)
- [6647: Zend\I18n\Validator\Float does not set error message on NOT_FLOAT.](zendframework#6647)
- [6648: Fixes #6647 : Zend\I18n\Validator\Float set error message for NOT_FLOAT](zendframework#6648)
- [6649: Exception thrown when value_options is empty in Form\View\ViewHelper\FormMultiCheckbox](zendframework#6649)
- [6655: 6649](zendframework#6655)
- [6660: prefer single quote](zendframework#6660)
- [6673: SetCookie: let it accept DateTime object](zendframework#6673)
- [6674: PHPCS fixes for Zend\View](zendframework#6674)
- [6684: PHPCS fixes for Zend\Text](zendframework#6684)
- [6685: PHPCS fixes for Zend\Tag](zendframework#6685)
- [6686: @return self correction](zendframework#6686)
- [6692: fix typo in form select view helper](zendframework#6692)
- [6698: PHPCS fixes for Zend\Di](zendframework#6698)
- [6699: PHPCS fixes for Zend\Dom](zendframework#6699)
- [6700: PHPCS fixes for Zend\Feed](zendframework#6700)
- [6701: PHPCS fixes for Zend\File](zendframework#6701)
- [6711: Fix for BC break #6645 where isValid() sets up old values](zendframework#6711)
- [6718: Zend\Db relies on Zend\Stdlib due to items in the Zend\Db\Sql package](zendframework#6718)
- [6719: Zend\Db\Sql\Select::order(): accept ExpressionInterface instead of Expression](zendframework#6719)
- [6722: Db order expressioninterface](zendframework#6722)
- [6726: Zend\Db\TableGateway: Alias for table](zendframework#6726)
- [6730: Zend\Config\Reader\Xml bug with close file after open](zendframework#6730)
- [6743: Fixes cs : space after if and elseif in deep conditional](zendframework#6743)
- [6750: yoda conditions in prg controller plugin](zendframework#6750)
- [6751: added ocramius/proxy-manager into suggest at Zend\ServiceManager's composer.json](zendframework#6751)
- [6760: pg_connect params encodings](zendframework#6760)
- [6761: Fixes #6730 : close() xml reader on fromFile() and fromString()](zendframework#6761)
- [6762: Issue in gettext file load, when plural part from one phrase exists as singular part in another](zendframework#6762)
- [6765: hotfix for issue with wrong gettext plural](zendframework#6765)
- [6768: Zend\Stdlib\PriorityList cannot contain false values](zendframework#6768)
- [6773: Fixes #6768 : boolean false values at priority list should be valid](zendframework#6773)
- [6778: added zendframework/zendxml into suggest at Zend\Json's composer.json](zendframework#6778)
- [6779: added zendframework/zend-validator and zendframework/zend-filter into suggest at Zend\Console's composer.json](zendframework#6779)
- [6781: Added some missing hash constants in Zend/Crypt/Key/Derivation/SaltedS2k](zendframework#6781)
- [6785: remove PHP_VERSION_ID check before 50323](zendframework#6785)
- [6787: Fixes #6760 : decode http_build_query on connection string at Pgsql Connection](zendframework#6787)
- [6789: detach() is now inherited from AbstractListenerAgregate.](zendframework#6789)
- [6797: Fixed the call to addBranch() to include $branchName](zendframework#6797)
- [6798: Fix annotations on zend db](zendframework#6798)
- [6814: Invalid behaviour of classmap_generator_php for PHP >=5.5 ::class constant ](zendframework#6814)
- [6815: Update AbstractAdapter.php](zendframework#6815)
- [6818: Add event manager to session for it is needed.](zendframework#6818)
- [6820: Broken behavior for SET in SQL update](zendframework#6820)
- [6825: Incompatible with RecursiveIterator](zendframework#6825)
- [6826: removed navigation helper menu unused use statement](zendframework#6826)
- [6834: Zend\Db\Sql\Update building update statement](zendframework#6834)
- [6837: [Zend\Test\ Provide fix  when 2 mandatory strings are used in route console](zendframework#6837)
- [6845: Problem iterating buffered ResultSet](zendframework#6845)
- [6847: Fix iterating over buffered ResultSet](zendframework#6847)
- [6849: Db/Sql/Predicate/Expression: Fix method argument handling](zendframework#6849)
- [6854: Added "autocomplete" to the list of valid attributes for textarea and select view helpers.](zendframework#6854)
- [6858: Allow Session\Container names to start with numbers](zendframework#6858)
- [6861: Fixes #6828 move zend\serializer deps how required](zendframework#6861)
- [6867: Update EventManagerInterface.php](zendframework#6867)
- [6869: ObjectProperty Hydrator should only hydrate public properties (fix + new test)](zendframework#6869)
- [6871: Memcached returns FALSE on failure](zendframework#6871)
- [6872: Update PHP-CS-Fixer and restrict .php_cs](zendframework#6872)
- [6873: CS Fix: string access and guard clauses](zendframework#6873)
- [6877: Fixed #6818](zendframework#6877)
- [6878: Cache: fixed 'Undefined index' error in memory adapter on access tags of...](zendframework#6878)
- [6879: Rebased and cleaned up #6279](zendframework#6879)
- [6880: Fix for #6263 (replaces PR #6518)](zendframework#6880)
- [6881: Bug in Zend\Stdlib\PriorityList->valid() ](zendframework#6881)
- [6891: Fixes Zend\Json\Json's composer.json containing single backslash](zendframework#6891)
- [6893: Zend\Code\ClassScanner cannot scan abstract method when class has properties and other methods.](zendframework#6893)
- [6895: Fix documentation](zendframework#6895)
- [6896: Fix for https cases for Apache on IBM i](zendframework#6896)
- [6897: Fix minor documentation typo](zendframework#6897)
- [6900: ArrayUtils performance tweak](zendframework#6900)
- [6901: Added a failing test for #6893](zendframework#6901)
- [6902: Throw an ServiceNotFoundException in AbstractPluginManager when the invokable does not exist.](zendframework#6902)
- [6904: Patch test case on Stdlib/PriorityListTest](zendframework#6904)
- [6907: allow header field value of "0"](zendframework#6907)
- [6914: Fix: Remove unused parameter and class property](zendframework#6914)
- [6915: Fix: More unused local variables](zendframework#6915)
- [6916: Fix: Yet another unused local variable](zendframework#6916)
- [6917: Fix: Unnecessary FCQN](zendframework#6917)
- [6918: Fix: Add missing return tag](zendframework#6918)
- [6919: Code improvement - removed unused variable](zendframework#6919)
- [6921: Improvement - removed some unnecessary variable assignment](zendframework#6921)
- [6923: PR for #6673. Allow to set DateTimeObject for SetCookie Expires ](zendframework#6923)
- [6927: Hotfix/6278](zendframework#6927)
- [6928: Hydrator naming strategy zend filter dependency](zendframework#6928)
- [6932: added zendframework/zend-cache into suggest at Zend\XmlRpc's composer.json](zendframework#6932)
- [6933: Remove dependency of Zend\ModuleManager on Zend\Mvc](zendframework#6933)
- [6935: bugfix wrong atom datetime format in updated](zendframework#6935)
- [6937: Update Hostname.php](zendframework#6937)
- [6939: Fixes CS on latest build on master : trailing_spaces](zendframework#6939)
- [6941: Zend\Validator tests refactoring](zendframework#6941)
- [6943: Fixed #6941](zendframework#6943)
- [6946: fix #6814: ignore php 5.5 scalar class name resolution](zendframework#6946)
- [6948: Improve type hints](zendframework#6948)
- [6949: Use hydrator variable only when hydrator variable is assigned](zendframework#6949)
- [6953: Little code improvements](zendframework#6953)
- [6958: Encoding Type is not set when sending Request object set as POST](zendframework#6958)
- [6959: Bug #6958 Make sure encoding type is set when sending Request](zendframework#6959)
- [6964: fixes #6952 / phpdoc Zend/Http/Request](zendframework#6964)
- [6967: PHPCS: Zend\View](zendframework#6967)
- [6968: Removed query method from mocks after issue 6798](zendframework#6968)
- [6971: PHPCS fixes for Zend\Http](zendframework#6971)
- [6972: PHPCS fixes for Zend\Json](zendframework#6972)
- [6973: PHPCS fixes for Zend\InputFilter](zendframework#6973)
- [6974: PHPCS fixes for Zend\Form](zendframework#6974)
- [6975: PHPCS fixes for Zend\I18n](zendframework#6975)
- [6976: PHPCS fixes for Zend\Filter](zendframework#6976)
- [6978: fix PHPCS errors for Zend\Test](zendframework#6978)
- [6979: fix PHPCS errors for Zend\Text](zendframework#6979)
- [6980: fix PHPCS errors for Zend\Uri](zendframework#6980)
- [6981: fix PHPCS errors for Zend\XmlRpc](zendframework#6981)
- [6982: fix PHPCS errors for Zend\Validator](zendframework#6982)
- [6984: PHPCS fixes for Zend\Log](zendframework#6984)
- [6985: PHPCS fixes for Zend\Mvc](zendframework#6985)
- [6986: PHPCS fixes for Zend\Ldap](zendframework#6986)
- [6987: PHPCS fixes for Zend\Mail](zendframework#6987)
- [6988: PHPCS fixes for Zend\Server](zendframework#6988)
- [6989: PHPCS fixes for Zend\Stdlib](zendframework#6989)
- [6990: PHPCS fixes for Zend\Serializer](zendframework#6990)
- [6991: PHPCS fixes for Zend\Session](zendframework#6991)
- [6992: PHPCS fixes for Zend\Memory](zendframework#6992)
- [6993: PHPCS fixes for Zend\Paginator](zendframework#6993)
- [6994: PHPCS fixes for Zend\ProgressBar](zendframework#6994)
- [6995: PHPCS fixes for Zend\ServiceManager](zendframework#6995)
- [6996: PHPCS fixes for Zend\Permissions](zendframework#6996)
- [6997: PHPCS fixes for Zend\Soap](zendframework#6997)
- [6998: PHPCS fixes for Zend\Mime](zendframework#6998)
- [6999: PHPCS fixes for Zend\Loader](zendframework#6999)
- [7000: PHPCS fixes for Zend\ModuleManager](zendframework#7000)
- [7001: PHPCS fixes for Zend\Test](zendframework#7001)
- [7002: Changing encode from View Helper is not passed to EscapeHtmlAttrHelper](zendframework#7002)
- [7006: optimized performance of Zend\Stdlib\AbstractOptions](zendframework#7006)
- [7008: Bug in PriorityList](zendframework#7008)
- [7011: .php_cs - sort fixers](zendframework#7011)
- [7012: PHP >=5.4 Syntax in AbstractHelperTest](zendframework#7012)
- [7013: Hotfix/#7012 zend view php 5.4 syntax removal](zendframework#7013)
- [7018: [Validator\ Hostname: disallowed Unicode code point](zendframework#7018)
- [7019: fixed #7018 : Hostname validator used disallowed unicode code points](zendframework#7019)
- [7022: [Zend\Http\ check if costant TESTS_ZEND_HTTP_CLIENT_ONLINE is defined](zendframework#7022)
- [7023: Fixes #7022 TESTS_ZEND_HTTP_CLIENT_ONLINE check](zendframework#7023)
- [7030: #6414-Add a condition for captcha element](zendframework#7030)
- [7033: Cache: fixed some minor documentation issues](zendframework#7033)
- [7036: PhpDoc fixes for Zend\Mvc](zendframework#7036)
- [7047: cs fixes for Zend\Cache](zendframework#7047)
- [7048: cs fixes for Zend\Code](zendframework#7048)
- [7060: Removed hard coded dependency to Zend\Mvc from Zend\ModuleManager](zendframework#7060)
- [7061: remove unused imports](zendframework#7061)
- [7062: remove unused variables](zendframework#7062)
- [7063: PhpDoc: fix return types and other incompatibilities](zendframework#7063)
- [7064: Need update dependencies in zendframework/zend-db](zendframework#7064)
- [7065: Cache: fixed CAS-Feature broken for APC adapter since 2.3.0](zendframework#7065)
- [7066: Use constant for events in Zend\Db\TableGateway\Feature\EventFeature](zendframework#7066)
- [7068: Cache: better compatibility with APCu](zendframework#7068)
- [7070: Travis optimizations](zendframework#7070)
- [7074: PSR2/PHPDoc fix for Zend\Http\Client](zendframework#7074)
- [7078: Fixes CS latest build on travis : master](zendframework#7078)
- [7080: Filter\Encrypt can't filter numbers](zendframework#7080)
- [7083: Hotfix/encrypt numbers](zendframework#7083)
- [7086: Honor returned status code for HEAD requests](zendframework#7086)
- [7087: Happy new year 2015 : master](zendframework#7087)
- [7089: Correct docblock](zendframework#7089)
- [7093: Scope objectKey in nested partialLoop call](zendframework#7093)
- [7101: Fixes DocBlocks in Zend\Barcode\Object\AbstractObject](zendframework#7101)
- [7108: Fix form annotation options](zendframework#7108)
- [7109: Improved disabled inputs testing when binding values into fieldset object](zendframework#7109)
- [7110: Fix for validation timeouts, issue #4960](zendframework#7110)
- [7112: Updated the readme with the logo](zendframework#7112)
- [7114: added missing return $this to setValue method.](zendframework#7114)
- [7117: Updated german translation file](zendframework#7117)

- **ZF2015-01:** Session validators were not run if set before session start.
  Essentially, the validators were writing to the `$_SESSION` superglobal before
  session start, which meant the data was overwritten once the session began.
  This meant on subsequent calls, the validators had no data to compare against,
  making the sessions automatically valid. We have provided patches to ensure
  that validators are run only after the session has begun, which will ensure
  they validate sessions correctly going forward. If you use `Zend\Session`
  validators, we recommend upgrading immediately.

release-2.2.9

Zend Framework 2.2.9
SECURITY UPDATES
----------------

- **ZF2015-01:** Session validators were not run if set before session start.
  Essentially, the validators were writing to the `$_SESSION` superglobal before
  session start, which meant the data was overwritten once the session began.
  This meant on subsequent calls, the validators had no data to compare against,
  making the sessions automatically valid. We have provided patches to ensure
  that validators are run only after the session has begun, which will ensure
  they validate sessions correctly going forward. If you use `Zend\Session`
  validators, we recommend upgrading immediately.

release-2.3.3

Zend Framework 2.3.3
- [6576: Custom barcode adapter wasn't being set in options](zendframework#6576)
- [6664: Use is_file to check for an uploaded file](zendframework#6664)

SECURITY UPDATES
^^^^^^^^^^^^^^^^

- **ZF2014-05:** Due to an issue that existed in PHP's LDAP extension, it is
  possible to perform an unauthenticated simple bind against a LDAP server by
  using a null byte for the password, regardless of whether or not the user
  normally requires a password. We have provided a patch in order to protect
  users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all
  versions of PHP 5.3 and below). If you use `Zend\Ldap` and are on an affected
  version of PHP, we recommend upgrading immediately.
- **ZF2014-06:** A potential SQL injection vector existed when using a SQL
  Server adapter to manually quote values due to the fact that it was not
  escaping null bytes. Code was added to ensure null bytes are escaped, and
  thus mitigate the SQLi vector. We do not recommend manually quoting values,
  but if you do, and use the SQL Server adapter without PDO, we recommend
  upgrading immediately.

release-2.2.8

Zend Framework 2.2.8
**This release contains security updates:**

- **ZF2014-05:** Due to an issue that existed in PHP's LDAP extension, it is
  possible to perform an unauthenticated simple bind against a LDAP server by
  using a null byte for the password, regardless of whether or not the user
  normally requires a password. We have provided a patch in order to protect
  users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all
  versions of PHP 5.3 and below). If you use `Zend\Ldap` and are on an affected
  version of PHP, we recommend upgrading immediately.
- **ZF2014-06:** A potential SQL injection vector existed when using a SQL
  Server adapter to manually quote values due to the fact that it was not
  escaping null bytes. Code was added to ensure null bytes are escaped, and
  thus mitigate the SQLi vector. We do not recommend manually quoting values,
  but if you do, and use the SQL Server adapter without PDO, we recommend
  upgrading immediately.

release-2.3.2

Zend Framework 2.3.2
- [4747: Zend\Code\Generator\FileGenerator problem](zendframework#4747)
- [5144: Unit tests get failed occasionaly](zendframework#5144)
- [5794: Oracle incorrect SELECT FROM decoration with table alias when using nested selects](zendframework#5794)
- [5851: Sqlsrv fixes - cursor type fix, utf8 support, transaction support, varbinary update support](zendframework#5851)
- [5962: Fatal Error on /Mime/Message.php on line 111](zendframework#5962)
- [6033: Fixed charset support for Pdo&#95;Pgsql.](zendframework#6033)
- [6038: fix HeadLink docblock method declaration hints](zendframework#6038)
- [6119: Allow OCI8 Statment to Handle LOB data type](zendframework#6119)
- [6141: Fix: Indentation of method arguments](zendframework#6141)
- [6143: Form - Ignore user values for disabled elements on bind](zendframework#6143)
- [6144: Support shorthand Priority filter in Log\AbstractWriter](zendframework#6144)
- [6146: Collection validation with element as target element](zendframework#6146)
- [6147: Session validation listeners may return `null`, erroneously causing validation to fail](zendframework#6147)
- [6149: Update Collection.php](zendframework#6149)
- [6157: Fixes #5962](zendframework#6157)
- [6158: fix misspelling of 'preferred'](zendframework#6158)
- [6159: add support number of string in &#95;&#95;construct of Priority](zendframework#6159)
- [6160: CollectionInputFilter-&gt;getCount() gives wrong count on consecutive setData() calls](zendframework#6160)
- [6163: remove duplicate registered &quot;zendframework/zend-session&quot; in composer.json](zendframework#6163)
- [6164: Fix: Add missing throws tags](zendframework#6164)
- [6165: ZF2 Paginator Does Not Work with DB2](zendframework#6165)
- [6168: Math\Rand::getInteger returns no values for the given range](zendframework#6168)
- [6170: &#91;BUGFIX&#92; missing Zend XML-RPC support library](zendframework#6170)
- [6176: Fix: C/P error when creating ProcessorPluginManager](zendframework#6176)
- [6177: Fix: Indentation of array initialization, missing trailing comma](zendframework#6177)
- [6179: Fix: Indentation, missing trailing commas, extra empty lines in Log\Logger](zendframework#6179)
- [6180: Fix: Fix PHP-CS-Fixer to a working version](zendframework#6180)
- [6184: Fix mongo handler](zendframework#6184)
- [6186: Fix: Update fabpot/php-cs-fixer, remove optional path argument from command](zendframework#6186)
- [6187: Add links to main repo in each composer.json](zendframework#6187)
- [6188: Add CONTRIBUTE.md files in each component](zendframework#6188)
- [6191: Fixes Typo](zendframework#6191)
- [6192: Fixes #6187](zendframework#6192)
- [6200: Fix: Exceptions raised in Soap/Server can leave XML entity loader disabled.](zendframework#6200)
- [6205: Use composer's autoload-dev feature](zendframework#6205)
- [6207: Hotfix for UnderscoreNamingStrategy](zendframework#6207)
- [6213: Fixes typo algorihtm -&gt; algorithm](zendframework#6213)
- [6214: Added hostname for OCI8 integration tests (required on linux)](zendframework#6214)
- [6215: Console Adapter typo](zendframework#6215)
- [6217: Fixes typo : contructor -&gt; constructor](zendframework#6217)
- [6218: `iconv.internal&#95;encoding` is deprecated](zendframework#6218)
- [6219: #6218 - applying hotfix for `iconv.internal&#95;encoding` deprecation](zendframework#6219)
- [6222: Fix a sequence name with double quotes for PostgreSQL to preserve name registry](zendframework#6222)
- [6223: Fix double registration of a complex type](zendframework#6223)
- [6228: Fix parameter format causing duplicate mails](zendframework#6228)
- [6237: Fixes typos](zendframework#6237)
- [6238: Fix: CS of closure](zendframework#6238)
- [6245: Fix invalid step error caused by DST](zendframework#6245)
- [6250: Db\Sql\Update use sortable set](zendframework#6250)
- [6253: Zend code doesn't generate heredoc correctly ](zendframework#6253)
- [6254: Fixes #6188](zendframework#6254)
- [6255: Zend code generator eats last brace](zendframework#6255)
- [6261: Update StringTrim to allow '0' as charlist](zendframework#6261)
- [6266: Fix delegators config with Mvc\Application](zendframework#6266)
- [6277: Digit filter should ignore boolean input](zendframework#6277)
- [6281: SessionHandler - MongoDbOptions default saveOptions not valid for pre-1.3 mongo driver](zendframework#6281)
- [6283: Fixes #6253 updated regex to properly respect heredoc](zendframework#6283)
- [6286: Fixes #6255 - removed regex for token parsing](zendframework#6286)
- [6292: Created russian translation for Zend&#95;Captcha.](zendframework#6292)
- [6293: zend-barcode without zend-servicemanager and zend-validator](zendframework#6293)
- [6295: Fieldset ignore disabled elements](zendframework#6295)
- [6297: DateTime (I18n) uses a wrong function in &quot;isValid&quot; function](zendframework#6297)
- [6300: Float (I18n) parsing trouble](zendframework#6300)
- [6302: Fixes issue #4747 - FileGenerator now properly generates files.](zendframework#6302)
- [6303: fixes #5144: Cache: wait for full second before start TTL tests](zendframework#6303)
- [6306: Console\RouteNotFoundStrategy throws invalid index exception](zendframework#6306)
- [6307: Closes #6306 - Console\RouteNotFoundStrategy invalid index](zendframework#6307)
- [6310: Fix Zend/Barcode composer.json to require zendframework/zend-validator.](zendframework#6310)
- [6311: Fixes #6297: Fixes logic that checks if IntlDateFormatter parsed the string properly.](zendframework#6311)
- [6315: Zend\Http\Client\Adapter\Curl does not send a proper DELETE request when request body is provided, hangs](zendframework#6315)
- [6318: Add body to curl DELETE request if one is specified.](zendframework#6318)
- [6321: I18n/Validator/DateTime should use mb&#95;strlen() instead of strlen()](zendframework#6321)
- [6325: Fixes typo](zendframework#6325)
- [6326: Bugfix/thousand separator in number validator](zendframework#6326)
- [6330: Bugfix/merging inputs with allow empty](zendframework#6330)
- [6333: Fix for performance issue in Http\Response](zendframework#6333)
- [6335: Fix and test case for: RowGateway primary key not null constraint do not fail with empty string](zendframework#6335)
- [6336: Fixes link media type list for iana and wikipedia](zendframework#6336)
- [6351: update DE translation header](zendframework#6351)
- [6361: Fixes #6281 - mongodb saveOptions not checked correctly](zendframework#6361)
- [6373: Fix for #6300 -  I18n float validator rewrite](zendframework#6373)
- [6382: Fix for #6377 - Zend\Session\Service\SessionConfigFactory: Wrong placeholder in Exception string](zendframework#6382)
- [6391: UrlTest : missing private properties $url and $router](zendframework#6391)
- [6393: unused parameters $sm for plugins factory](zendframework#6393)
- [6400: Fix / tests for #6363](zendframework#6400)
- [6401: Fixes @return docblock for Zend\Paginator\Adapter\Service\DbSelectFactory::createService()](zendframework#6401)
- [6402: Fixes grammar](zendframework#6402)
- [6412: Fix nested CollectionInputFilter not valid if count not specified](zendframework#6412)
- [6423: Validate uploaded filename only if no upload error occured.](zendframework#6423)
- [6427: Zend Session fatal error in get array copy](zendframework#6427)
- [6429: Update Zend&#95;Validate.php](zendframework#6429)
- [6430: Method setObject on Zend/Form/Element/Collection overrides count of target element](zendframework#6430)
- [6440: Fixed typo](zendframework#6440)
- [6443: Change method to set count fixes #6430](zendframework#6443)
- [6446: Fix for #6445, adding pagination and transaction to IBM DB2 for Zend\Db](zendframework#6446)
- [6452: Fix + tests for #5969](zendframework#6452)
- [6462: Fix for odd php-cs-fixer finds](zendframework#6462)
- [6472: Clear values on CollectionInputFilter before adding new data](zendframework#6472)
- [6480: Fix: Undefined field in Zend\Http\Header\Origin](zendframework#6480)
- [6484: fix #6480](zendframework#6484)
- [6487: Remove trailing whitespaces](zendframework#6487)
- [6490: PHPCS Fixes for Zend\Authentication](zendframework#6490)
- [6491: Header\ContentType: remove empty values from parsed header](zendframework#6491)
- [6494: CollectionInputFilter throws warning if invalid collection provided](zendframework#6494)
- [6495: Redis Server URI correct parsing](zendframework#6495)
- [6500: PHPCS fixes for Zend\Barcode](zendframework#6500)
- [6505: swap order of initalization](zendframework#6505)
- [6506: Missing dependency to zend-form in zend-mvc](zendframework#6506)
- [6510: Fix 6428 - authenticate() always fails on IBMi when using DB table-based authentication](zendframework#6510)
- [6511: conflicting PHPDoc @return values in SharedEventManager](zendframework#6511)
- [6512: fixed conflicted phpdoc return values (see #6511)](zendframework#6512)
- [6521: PHPCS fixes for Zend\\Cache](zendframework#6521)
- [6522: PHPCS fixes for Zend\Code](zendframework#6522)
- [6529: Update polish translation](zendframework#6529)
- [6531: PHPCS fixes for Zend\Config](zendframework#6531)
- [6532: PHPCS fixes for Zend\Console](zendframework#6532)
- [6533: PHPCS fixes for Zend\Crypt](zendframework#6533)
- [6535: PHPCS fixes for Zend\EventManager](zendframework#6535)
- [6536: PHPCS fixes for Zend\Navigation](zendframework#6536)
- [6541: Zend Db Query Builder Optimisation](zendframework#6541)
- [6549: Link to new version of the QuickStart user guide](zendframework#6549)
- [6551: Fixes CS : trailing spaces and unused use](zendframework#6551)

release-2.3.1

Zend Framework 2.3.1
====================

- [5392: Zend Db: Multiple nested selects - Zend Paginator with nested select bind parameters error](zendframework#5392)
- [5857: Fixes #4521](zendframework#5857)
- [5863: patch #5860 ](zendframework#5863)
- [5948: Circular dependency test for #5651](zendframework#5948)
- [5956: Prevent fatal error in JsonRpc-Client](zendframework#5956)
- [5957: php 5.6 compatibility](zendframework#5957)
- [5958: fix typo](zendframework#5958)
- [5959: Issue - AbstractDiServiceFactory ,MvcTranslatorFactory throws Exception](zendframework#5959)
- [5964: Upgrading branch aliases for components: 2.2-dev -&gt; 2.3-dev, 2.3-dev -&gt; 2.4-dev](zendframework#5964)
- [5968: Collection Input Filter fix messages](zendframework#5968)
- [5970: Adds disableInArrayValidator check to Radio](zendframework#5970)
- [5972: permissions : docBlock](zendframework#5972)
- [5973: Rbac::getRole() : check object-&gt;getName()](zendframework#5973)
- [5975: Update wrong DocBlock comment](zendframework#5975)
- [5978: ZF 2.3.0 BC break in MvcTranslator](zendframework#5978)
- [5979: Fix BC break in TranslatorServiceFactory](zendframework#5979)
- [5983: &#91;cs-fixer&#92; Centralize configuration in a single file](zendframework#5983)
- [5985: Corrected placeholder token '%' for some translations](zendframework#5985)
- [5986: InputFilter\Factory can't handle config with null input](zendframework#5986)
- [5988: Fix patterns for mobile (allows 7 as fisrt number)](zendframework#5988)
- [5989: Allow aria-labelledby and aria-describedby attributes in form elements](zendframework#5989)
- [5991: ---removed---](zendframework#5991)
- [5997: Update segment route to TranslatorInterface](zendframework#5997)
- [5998: Add missing bitwise validator in pluginmanager](zendframework#5998)
- [6000: Blackhole cache adapter : docblock corrections](zendframework#6000)
- [6003: typo on comment fixed](zendframework#6003)
- [6004: InputFilterPluginManager needs to allow InputInterface retrieval](zendframework#6004)
- [6007: ZendMvc depends on ZendLog by default in 2.3.0, add it to composer](zendframework#6007)
- [6009: Form\Element\Select multiple is always required](zendframework#6009)
- [6012: Zend\ProgressBar\Adapter\Console::notify should use mb&#95;substr](zendframework#6012)
- [6019: Fix for #6012 - Use wrapper for substr() in ProgressBar](zendframework#6019)
- [6021: Missed variable, renamed to one which exists.](zendframework#6021)
- [6022: Invalid instantiator of type &quot;NULL&quot; for &quot;Zend\I18n\Translator\TranslatorInterface&quot;](zendframework#6022)
- [6023: Parameter generator backslash escaping](zendframework#6023)
- [6024: Dispatch error should be preventable](zendframework#6024)
- [6026: decompress() Zend/Filter/Compress/Zip fix](zendframework#6026)
- [6027: Allow empty response strings in \Zend\Http\Response::fromStream](zendframework#6027)
- [6028: Method getValue should check the type of input inside InputFilter](zendframework#6028)
- [6030: Remove duplicate comment](zendframework#6030)
- [6031: remove double semicolon](zendframework#6031)
- [6032: fix comment on PhpMemoryArray loader](zendframework#6032)
- [6035: fix exception message. Must be Stdlib\Hydrator](zendframework#6035)
- [6037: Require PHP extension mcrypt in composer.json](zendframework#6037)
- [6041: Hotfix : Zend\Test trace error flag](zendframework#6041)
- [6042: Fix documentation](zendframework#6042)
- [6045: File Form Element don't works](zendframework#6045)
- [6046: Allow InputInterface retrieval from InputFilterPluginManager](zendframework#6046)
- [6047: Fix Zend\Test test](zendframework#6047)
- [6049: Fix for issue 6048](zendframework#6049)
- [6050: update copyright year that still using 2013 to 2014](zendframework#6050)
- [6051: 2.2.6 -&gt; 2.3.0 causes DI to try to instantiate `Zend\I18n\Translator\TranslatorInterface` instead of `Zend\I18n\Translator\Translator`](zendframework#6051)
- [6056: Fixes a typo](zendframework#6056)
- [6061: added missing License header](zendframework#6061)
- [6062: fixed typo](zendframework#6062)
- [6070: code-to-explain-code test in MultiCheckboxTest to check multi selected ](zendframework#6070)
- [6071: Re enable zip compression tests on Travis](zendframework#6071)
- [6077: fix for issue 6076. avoid GlobIterator globbing to directories which it ...](zendframework#6077)
- [6082: Using \Zend\Db\Sql\Expression as part of join name.  Object of class Zend\Db\Sql\Expression could not be converted to string](zendframework#6082)
- [6083: NumberOfParameterFilter correctly handles argument count greater than 0.](zendframework#6083)
- [6085: Fixes #5929 - Remove a page recursively](zendframework#6085)
- [6089: Problems with serializing Zend\Stdlib\ArrayObject](zendframework#6089)
- [6092: Hotfix for #6089 - ArrayObject serialization doesn't restore `protectedProperties`](zendframework#6092)
- [6093: Fix unused imports and local variables](zendframework#6093)
- [6094: Fix undefined classes, constants and methods](zendframework#6094)
- [6096: Prevent ArrayObject recursion in 5.6](zendframework#6096)
- [6100: More tests for nested form fieldsets](zendframework#6100)
- [6102: Zend\Filter\Compress\Tar::setMode() would not work](zendframework#6102)
- [6103: Zend\Filter\Compress\Tar::setMode() should work with case-insensitive](zendframework#6103)
- [6104: Validator\Ip should not allow newlines in any case.](zendframework#6104)
- [6105: add missing resource messages at en - Bitwize &amp; Datestep](zendframework#6105)
- [6106: suggest ext-mcrypt](zendframework#6106)
- [6110: Allow session garbage collection to use an index](zendframework#6110)
- [6116: fixed typos](zendframework#6116)
- [6118: Extra fieldsets are created when calling form bind multiple times](zendframework#6118)
- [6123: Mail: Require Zend\Validator](zendframework#6123)
- [6125: added missing { and } after if](zendframework#6125)
- [6126: Tiny typo fix in docblock](zendframework#6126)
- [6128: Fix class description](zendframework#6128)
- [6129: change is&#95;null($var) to (null === $var) for consistency](zendframework#6129)
- [6130: change docblocks and comments that still using &quot;Zend&#95;&quot; to &quot;Zend\&quot;](zendframework#6130)
- [6132: FormElementManager: Only initialize a shared element once](zendframework#6132)
- [6136: Fix: No need to prefix imports](zendframework#6136)
- [6139: Fix: Test name](zendframework#6139)
- [6140: Fix: Indentation in array initialization, trailing commas](zendframework#6140)

SECURITY FIXES
--------------

- **ZF2014-03:** Potential XSS vector in multiple view helpers due to
  inappropriate HTML attribute escaping. Many view helpers were using the
  `escapeHtml()` view helper in order to escape HTML attributes. This release
  patches them to use the `escapeHtmlAttr()` view helper in these situations.
  If you use form or navigation view helpers, or "HTML element" view helpers
  (such as `gravatar()`, `htmlFlash()`, `htmlPage()`, or `htmlQuicktime()`), we
  recommend upgrading immediately.

release-2.2.7

Zend Framework 2.2.7
====================

SECURITY FIXES
--------------

- **ZF2014-03:** Potential XSS vector in multiple view helpers due to
  inappropriate HTML attribute escaping. Many view helpers were using the
  `escapeHtml()` view helper in order to escape HTML attributes. This release
  patches them to use the `escapeHtmlAttr()` view helper in these situations.
  If you use form or navigation view helpers, or "HTML element" view helpers
  (such as `gravatar()`, `htmlFlash()`, `htmlPage()`, or `htmlQuicktime()`), we
  recommend upgrading immediately.

release-2.3.0

Zend Framework 2.3.0
- [3015: $escapeHtmlHelper is not optional, in case you want real HTML as a label](zendframework#3015)
- [3198: Limit/offset doesn't work properly when using parameters and SQL Server drivers](zendframework#3198)
- [4021: Mysqli driver raise a lot of warning about Undefined property after connection closed](zendframework#4021)
- [4280: begin,commit and rollback methods for PostgreSQL have been implemented](zendframework#4280)
- [4290: Zend\Db\Sql setTable method ommit array](zendframework#4290)
- [4304: Add support for dblib PDO driver in quoteValue()](zendframework#4304)
- [4348: Add isActive method Navigation Page Uri.](zendframework#4348)
- [4397: Add coveralls support and fix a few testing bugs related to coverage](zendframework#4397)
- [4400: Ability to get an element with creation options from the FormElementManager](zendframework#4400)
- [4401: add flag for fallback value](zendframework#4401)
- [4427: add group and having ability to Paginator\Adapter\DbTableGateway](zendframework#4427)
- [4443: Translator\Loader\PhpArray can't load from the include path](zendframework#4443)
- [4449: Console route improvements](zendframework#4449)
- [4455: Need way to specify in the logger configuration the factory for the own writer](zendframework#4455)
- [4489: Replacing the magic number for a list of constants in Validator\NotEmpty](zendframework#4489)
- [4505: Give modules the ability to modify application config after their own co...](zendframework#4505)
- [4510: Introduce Zend\I18n\Filter\NumberParse based on Zend\I18n\Filter\NumberFormat](zendframework#4510)
- [4512: blackhole cache storage adapter](zendframework#4512)
- [4515: Issue #4443 - Zend\I18n\Translator\Loader\PhpArray can now load files from include path](zendframework#4515)
- [4534: Introduce JsonSerializable polyfill and support in Zend\Json\Encoder](zendframework#4534)
- [4574: Config\Factory can read from include&#95;path](zendframework#4574)
- [4584: Composer dependencies fixed](zendframework#4584)
- [4606: Supports the encoding of the console and encodes the text to display if needed](zendframework#4606)
- [4610: Version warning http:// wrapper is disabled in the server configuration by allow&#95;url&#95;fopen=0](zendframework#4610)
- [4625: Use Zend\Http\Client in Zend\Version](zendframework#4625)
- [4653: Zend\Authentication\Adapter\Http::&#95;challengeClient() should be public](zendframework#4653)
- [4662: Zend\Db PDO adapter ignoring charset](zendframework#4662)
- [4677: Add Form\Element labelOptions property w/ implemented use case](zendframework#4677)
- [4679: !IE support for conditional comments powered viewhelper](zendframework#4679)
- [4742: LoggerAwareInterface and its Trait](zendframework#4742)
- [4751: Hydrator aware trait](zendframework#4751)
- [4752: Hydrator refactoring](zendframework#4752)
- [4756: getValue() for MonthSelect, DateSelect and DateTimeSelect Form Elements ](zendframework#4756)
- [4764: Add interface `FilterEnabledInterface`](zendframework#4764)
- [4767: Make include&#95;path functionality of Config and Translator opt-in](zendframework#4767)
- [4781: Adding missing &quot;NOT IN&quot; predicate](zendframework#4781)
- [4785: CSRF element naming conflicts](zendframework#4785)
- [4813: Zend log filter sample](zendframework#4813)
- [4815: Make HTTP auth adapter's challengeClient() method public](zendframework#4815)
- [4822: Simplification of the HTML class name in Tag\Cloud\Decorator\HtmlCloud](zendframework#4822)
- [4824: Add Config Reader for Java-style .properties files and strings](zendframework#4824)
- [4831: Zend\Mvc\Application::run returns ResponseInterface.](zendframework#4831)
- [4836: Adding warning namespace](zendframework#4836)
- [4844: Add cas operation for apc adapter](zendframework#4844)
- [4846: DisableInArrayValidator for Multicheckbox](zendframework#4846)
- [4849: Fix Application::run() return values](zendframework#4849)
- [4852: ArrayObject::offsetExists - Fix check on offsetExists](zendframework#4852)
- [4860: abstract factory for configs reading keys from merged config](zendframework#4860)
- [4864: enhancement of ProvidesEvents trait](zendframework#4864)
- [4871: Use .eml extensions for emails stored with Zend\Mail\Transport\File](zendframework#4871)
- [4884: Allow replacing elements within a form collection](zendframework#4884)
- [4903: Update MemoryManager.php](zendframework#4903)
- [4904: Update Feed.php](zendframework#4904)
- [4907: Changed self::SPECIFICATION&#95;* to static::SPECIFICATION&#95;* in non declarat...](zendframework#4907)
- [4908: Segregation HydratorInterface](zendframework#4908)
- [4912: Fix spelling of &quot;marshall&quot;](zendframework#4912)
- [4913: make use of mickey179/vfsStream in unit tests: Zend\Test](zendframework#4913)
- [4927: Nested Fieldset value can be a Traversable](zendframework#4927)
- [4931: Mime\Message: createFromString: really ignore unknown headers](zendframework#4931)
- [4940: New Zend\Validator\Bitwise](zendframework#4940)
- [4946: Add assertTemplateName and assertNotTemplateName](zendframework#4946)
- [4950: Add matching capabilities to the Content-Type header](zendframework#4950)
- [4962: added &quot;ControllerManager&quot; Manager, and make &quot;ControllerLoader&quot; as alias of it](zendframework#4962)
- [4969: PartialLoop helper: prevent convert traversable model to array recursive...](zendframework#4969)
- [4971: Form\Factory can handle config with null elements](zendframework#4971)
- [4973: Issue 4662 - Zend\Db\PDO adapter driver ignores charset option](zendframework#4973)
- [4979: Add multiple translation text domains to Zend\Navigation](zendframework#4979)
- [4980: change of version checks to use PHP&#95;VERSION&#95;ID constant.](zendframework#4980)
- [4989: &#91;Zend-Code&#92; Find php 5.4 traits with TokenArrayScanner](zendframework#4989)
- [4995: &#91;SessionManagerFactory&#92; Configuration of validators in SessionManagerFactory](zendframework#4995)
- [5019: added role attribute](zendframework#5019)
- [5024: &#91;BC Break&#92; Added the set /getPbkdf2HashAlgorithm() in BlockCipher](zendframework#5024)
- [5025: Support for 'origin' header value?](zendframework#5025)
- [5029: Support for Origin header](zendframework#5029)
- [5032: Added metadata for oracle](zendframework#5032)
- [5034: Locale aware fix](zendframework#5034)
- [5043: DocBlock Reflection not returning correct tags](zendframework#5043)
- [5064: Added optional charset to pdo dsn](zendframework#5064)
- [5069: Fixed bug that caused the PDO to throw an invalid keyword error](zendframework#5069)
- [5072: PSR-2 : add space before and after between (if and foreach) and parenthesis](zendframework#5072)
- [5080: Added separator to model in renderPartial function](zendframework#5080)
- [5082: Simplification](zendframework#5082)
- [5089: Test for the getArrayCopy method in AbstractRestultSet](zendframework#5089)
- [5101: Update label view helper to have html escape by default](zendframework#5101)
- [5106: Fix CollectionInputFilter validation when empty data is being processed](zendframework#5106)
- [5108: Hotfix/4879](zendframework#5108)
- [5136: Zend\Navigation - add to AbstractPage static factories](zendframework#5136)
- [5138: Zend/Navigation/Page/Mvc add default route name](zendframework#5138)
- [5139: Zend/Navigation/View/HelperConfig - configurable view helper](zendframework#5139)
- [5209: increase consistency : call $this-&gt;events, $this-&gt;event, $this-&gt;response, and $this-&gt;request directly at Zend\Mvc\Application.php](zendframework#5209)
- [5211: Get the connected dsn string that is now stored when the pdo connection is made](zendframework#5211)
- [5226: Fix/form label options](zendframework#5226)
- [5237: ServiceManager - fix AbstractFactories performance and service waiting](zendframework#5237)
- [5238: allow empty fieldset labels in formCollection view helper](zendframework#5238)
- [5242: form collection attributes](zendframework#5242)
- [5245: Fix code reflection - getBody/getContents method](zendframework#5245)
- [5255: Get ViewModel children by capture](zendframework#5255)
- [5260: Zend/Db/Sql/Insert - implement insert into select construction](zendframework#5260)
- [5261: DevelopThis is a new PR since the base branch has changed.  Please see #5017](zendframework#5261)
- [5262: Zend code method prototype](zendframework#5262)
- [5266: Throw an exception in PhpRenderer when the resolved file path is not rea...](zendframework#5266)
- [5272: Create Callback adapter for Zend\Paginator](zendframework#5272)
- [5283: Deprecate ProvidesEvents trait](zendframework#5283)
- [5289: Abstract Factories handling is inconsistent with normal Factories](zendframework#5289)
- [5304: &#91;psr-2&#92; Add whitespace for anonymous functions.](zendframework#5304)
- [5308: Zend\Db\Resultset fix buffering](zendframework#5308)
- [5312: Locale aware fix](zendframework#5312)
- [5313: &#91;http&#92; fix many header issues](zendframework#5313)
- [5316: Added Content Security Policy 1.0 header class](zendframework#5316)
- [5321: Zend\Db\Adapter alow to use the temporary ResultSetPrototype](zendframework#5321)
- [5329: change self:: with static:: in call-ing static property/method](zendframework#5329)
- [5338: ZendTest - added tearDown for Netbeans tests](zendframework#5338)
- [5341: Missing notIn predicate](zendframework#5341)
- [5354: Can't inherit abstract function Zend\Validator\Translator\TranslatorInterface::translate()](zendframework#5354)
- [5355: Handle 'disable&#95;html&#95;escape' option in FormButton helper](zendframework#5355)
- [5356: Deprecate Zend\Dom\Query in favor of more logical OO approach](zendframework#5356)
- [5358: &#91;Zend\Navigation&#92; Extracting the translation from &quot;htmlify&quot;-method into ...](zendframework#5358)
- [5364: Add Naming strategy for Hydrators](zendframework#5364)
- [5365: &#91;stdlib&#92; Add guard utils and traits](zendframework#5365)
- [5377: &#91;http&#92; Allow headers without whitespace after &quot;:&quot;](zendframework#5377)
- [5380: Zf hydrator strategy context](zendframework#5380)
- [5390: Add regression test for #5237](zendframework#5390)
- [5391: CS fix for #5245](zendframework#5391)
- [5393: Properly set only specified methods](zendframework#5393)
- [5394: use namespaces in versiontest](zendframework#5394)
- [5395: ServiceManager::has() when assigned non String or Array causes Undefine Notice errors](zendframework#5395)
- [5396: Fix for issue #5395](zendframework#5396)
- [5398: fixed typo](zendframework#5398)
- [5400: fixes #5384 - getValue now returns metadata of the value, added getValueType](zendframework#5400)
- [5403: README fix of Zend\Dom\Query (#5356)](zendframework#5403)
- [5406: Make I18n component completely optional for Mvc](zendframework#5406)
- [5408: Fixes for #5356](zendframework#5408)
- [5420: Added ability to compose collections via Zend Form annotations](zendframework#5420)
- [5436: &#91;WIP&#92; Zend\Filter harmonization (Issue 5119)](zendframework#5436)
- [5456: Enable input filter config from annotations to be passed on via composed collections](zendframework#5456)
- [5458: &#91;Validator&#92; Refactor Date](zendframework#5458)
- [5459: fix docblock and exception that still use &quot;Zend&#95;&quot; prefix](zendframework#5459)
- [5469: Abstract console controller](zendframework#5469)
- [5470: Add Zend\Mail\Transport\Factory](zendframework#5470)
- [5484: Db\Sql\Select use functions without table](zendframework#5484)
- [5496: Oracle hotfix for #5488 (casing in sequence helper)](zendframework#5496)
- [5533: &#91;WIP&#92; Added option to ensure form element will be rendered inside label tag ev...](zendframework#5533)
- [5538: Zend\Db\Sql\Ddl\CreateTable - fix create temporary tables](zendframework#5538)
- [5557: Fixed non-working Spanish validator translation](zendframework#5557)
- [5562: Add unsetValueOption() to the Form\Element\Select and Form\Element\MultiCheckbox](zendframework#5562)
- [5569: Fixed boolean/integer BC break in Zend\Config\Writer\PhpArray](zendframework#5569)
- [5587: Changed the default cost of bcrypt to 10](zendframework#5587)
- [5593: Added resources/languages/id for Indonesian translation](zendframework#5593)
- [5602: Update minimum required PHP version to 5.3.23](zendframework#5602)
- [5604: &#91;2.3.0&#92; change php require version from 5.3.3 to 5.3.23 in all resources and update tests that no longer support 5.3.3](zendframework#5604)
- [5605: Fixed session&#95;cache&#95;limiter available options](zendframework#5605)
- [5611: Adding HHVM to build matrix](zendframework#5611)
- [5612: make 'listeners' key can be configured outside application.config.php](zendframework#5612)
- [5616: Prettify the output of Zend\Code\Generator\ValueGenerator for multi line arrays](zendframework#5616)
- [5628: Acl assertions enhancement](zendframework#5628)
- [5638: BaseInputFilter handles missing data properly](zendframework#5638)
- [5642: Offset may be specified without a limit. Causes syntax error in mysql, sqlite and maybe others](zendframework#5642)
- [5643: Fixes #5642](zendframework#5643)
- [5649: Added a assertion method for the response phrase of a http response.](zendframework#5649)
- [5650: Set custom class name for active li element](zendframework#5650)
- [5651: Allow modules to load their own dependencies](zendframework#5651)
- [5664: &#91;Minor BC&#92; Remove translation of validator keys](zendframework#5664)
- [5665: &#91;http&#92; Normalize Content-Transfer-Encoding](zendframework#5665)
- [5666: Remove translations in Zend\Form\View\Helper\FormElementErrors #5646](zendframework#5666)
- [5670: Add controller namespace prefix to template mapping](zendframework#5670)
- [5689: Fix BC break with skeleton for Translator Service](zendframework#5689)
- [5692: Additional MVC Translator BC fixes](zendframework#5692)
- [5698: #5665 Normalize Http Content-Transfer-Encoding](zendframework#5698)
- [5702: Stdlib - PriorityList move from Zend\Mvc\Router to Stdlib](zendframework#5702)
- [5711: Implemented writeTextBlock method in Zend\Console\Adapter\AbstractAdapter](zendframework#5711)
- [5713: Adding Zend\Console\Getopt option callback hooks](zendframework#5713)
- [5717: Hotfix/various fixes](zendframework#5717)
- [5719: Feature/make collection configurable](zendframework#5719)
- [5720: Fix #5671 - console routing not correct](zendframework#5720)
- [5724: 5.3.3 -&gt; 5.3.23 missing dump](zendframework#5724)
- [5730: Zend\Test Fix persistence with multi dispatch](zendframework#5730)
- [5731: Zend\Test Provide dispatch like a XmlHttpRequest](zendframework#5731)
- [5732: Fix for issue #5629](zendframework#5732)
- [5736: fix strange exception message in Mysqli connection](zendframework#5736)
- [5741: Make allowObjectBinding configurable for Fieldsets](zendframework#5741)
- [5747: Implementation of inTransaction() in all Zend\Db\Adapter\Drivers](zendframework#5747)
- [5748: added a submodule loading to testCanLoadMultipleModules](zendframework#5748)
- [5751: Updated Bulgarian translation](zendframework#5751)
- [5757: Zend\Config\Writer\PhpArray needs to use var&#95;export for strings, not addslahes()](zendframework#5757)
- [5759: Update FlashMessenger.php](zendframework#5759)
- [5780: Allow specifying &quot;break chain on failure&quot; flag as Validator option](zendframework#5780)
- [5783: Do not exit from loadClass() early](zendframework#5783)
- [5792: &#91;Soap/Server&#92; add debug mode](zendframework#5792)
- [5793: &#91;Soap\Client\DotNet&#92;&#91;FIX&#92; Undefined property in void return](zendframework#5793)
- [5795: ServiceManager::canCreateFromAbstractFactory() missing foreach break after valid abstract factory found](zendframework#5795)
- [5803: Hide sub menus if all pages in the sub menu is hidden.](zendframework#5803)
- [5810: &#91;Zend\Soap\Server&#92; Add getException to get caught exceptions](zendframework#5810)
- [5811: &#91;Zend\Soap\Server&#92;&#91;NEW&#92;&nbsp;add a getSoap method, return the internal instance](zendframework#5811)
- [5825: New class Translator\Loader\PhpMemoryArray ](zendframework#5825)
- [5829: Zend\Cache\Storage\Adapter\Memcache](zendframework#5829)
- [5840: Removed Zend\Http\Client\Cookies](zendframework#5840)
- [5853: Fixes #4943](zendframework#5853)
- [5854: Multiple identifiers in `In`](zendframework#5854)
- [5855: Fixes #5162](zendframework#5855)
- [5856: #5665 Fix in test for JsonStrategy](zendframework#5856)
- [5858: Deprecate Proxy auto-generation](zendframework#5858)
- [5864: patch #5860 barcode analyzer fixes](zendframework#5864)
- [5869: remove TYPE&#95;SELECT deprecated Constant that marked will go away in 2.1](zendframework#5869)
- [5875: Logger register shut down](zendframework#5875)
- [5877: Optional ProxyManager in builds](zendframework#5877)
- [5880: Updated PhpArray to expand paths using &#95;&#95;DIR&#95;&#95;](zendframework#5880)
- [5882: Allow setting formatter for Zend\Log\Writer\Db via config options](zendframework#5882)
- [5885: parametrized-locale-aware routing](zendframework#5885)
- [5897: Add get decode json data on params controller plugin](zendframework#5897)
- [5901: Add AuthenticationServiceInterface](zendframework#5901)
- [5902: Added testcase for BlockCipher using 0 values](zendframework#5902)
- [5907: &#91;#5616&#92; Adapt array indentation to PSR-2 guidelines by default](zendframework#5907)
- [5908: Allow merging text domains without plural rules](zendframework#5908)
- [5910: minor improvements to form labels](zendframework#5910)
- [5917: Fixes #5192](zendframework#5917)
- [5918: Hotfix/4785 csrf name conflicts](zendframework#5918)
- [5919: Default value for labelAttributes](zendframework#5919)
- [5920: FormRow generetes invalid HTML for MonthSelect](zendframework#5920)
- [5921: Nicaraguan phone numbering plan once again](zendframework#5921)
- [5922: Updated catalan Zend/Validate translations](zendframework#5922)
- [5923: Fix/5906 collection count is ignored when data empty](zendframework#5923)
- [5925: Update DateStep.php](zendframework#5925)
- [5926: Fix for missing required option for CollectionInputFilter](zendframework#5926)
- [5928: Fixed notice on binding entity to form](zendframework#5928)
- [5930: Fix @cover at travis build from #5853](zendframework#5930)
- [5931: Disable &lt;label&gt; for input hidden](zendframework#5931)
- [5933: Allow arbitrary error codes in JSON RPC server](zendframework#5933)
- [5936: Fix for issue #4267](zendframework#5936)
- [5937: Fix Zend\Mail\Headers::removeHeader is not removing every header matching header name](zendframework#5937)
- [5939: Fix annotation on Zend\Mail\Message::getHeaderByName](zendframework#5939)
- [5940: Zend\Db\Sql Allow MySQL to use limit when only offset was provided](zendframework#5940)
- [5941: no cast to (int) on limit&amp;offset at Zend\Db\Sql\Select.php](zendframework#5941)
- [5942: Mvc\I18n\Translator -&gt; setLocale](zendframework#5942)
- [5943: Fixed route matcher test](zendframework#5943)
- [5951: Fix console mixed case optional value params](zendframework#5951)

release-2.2.6

Zend Framework 2.2.6
====================

- [4490: Nonvalid literal value for the boolean type, PDO](zendframework#4490)
- [4993: Zend\Db\TableGateway\Feature\FeatureSet::addFeature() at line 69](zendframework#4993)
- [5125: Method scanner fixed](zendframework#5125)
- [5174: SequenceFeature](zendframework#5174)
- [5186: Minor bugfix: Added missing composer dependency (ServiceManager) to Math package](zendframework#5186)
- [5221: - Create temporary table instead of create table temporary](zendframework#5221)
- [5314: Enable persistent connections for IbmDb2.](zendframework#5314)
- [5322: Fixing a bug that causes fatal error when a RowGateway's primary key wer...](zendframework#5322)
- [5375: Fixes default type == string](zendframework#5375)
- [5383: fix for #4614 breaks error handler using Zend\Log](zendframework#5383)
- [5385: Resolves #4708 - adding transparent background support to barcode](zendframework#5385)
- [5387: fixes #5062 - No longer throw Filename cannot be empty error](zendframework#5387)
- [5401: fixed typos](zendframework#5401)
- [5402: Update range of mobile](zendframework#5402)
- [5409: &#91;rbac&#92; Typo](zendframework#5409)
- [5411: Update Czech validator messages ](zendframework#5411)
- [5412: Zend\Test needs Zend\Console as dependency](zendframework#5412)
- [5418: Added isset check for REMOTE&#95;ADDR](zendframework#5418)
- [5421: fix typo &amp; wording](zendframework#5421)
- [5422: Fix emails that contain lines that start with periods](zendframework#5422)
- [5423: Zend\Http\Header\SetCookie not compatible with older versions of pcre (and therefore CentOS)](zendframework#5423)
- [5424: Issue 3104: Form\Element &quot;x-...&quot; attributes](zendframework#5424)
- [5425: Issue 3249: FormFile does not allow &quot;value&quot; as an attribute](zendframework#5425)
- [5432: Problem with Forward Plugin](zendframework#5432)
- [5438: fix typo](zendframework#5438)
- [5444: fix indentation](zendframework#5444)
- [5445: Fixing issue with ModuleAutoloader on Windows](zendframework#5445)
- [5447: Di circular dependancies](zendframework#5447)
- [5451: Remove duplicate: zend-stdlib is already required](zendframework#5451)
- [5452: update master's resources/ja Zend&#95;Validate.php message for 2.2](zendframework#5452)
- [5453: add resources/languages/ja/Zend&#95;Captcha.php with Japanese translated](zendframework#5453)
- [5457: Zend\Db\Adapter\Driver\PdoResult::current patch](zendframework#5457)
- [5464: remove unused use](zendframework#5464)
- [5468: Add security disclosure info to README/CONTRIBUTING docs](zendframework#5468)
- [5471: Fix typehint for getServiceLocator().](zendframework#5471)
- [5472: remove unused use statements](zendframework#5472)
- [5476: Zend\Http\Header\SetCookie changed to support empty cookies](zendframework#5476)
- [5479: Add element input filters before form input filters](zendframework#5479)
- [5495: Hotfix/multiple nested collection test](zendframework#5495)
- [5497: fix for fprg](zendframework#5497)
- [5499: #5465 use strlen instead of empty](zendframework#5499)
- [5502: Update collection recursive extract and populating nested fieldsets](zendframework#5502)
- [5507: Fixed usage of imported namespace.](zendframework#5507)
- [5508: Specify correct return type for `Pdo\Connection::getLastGeneratedValue`](zendframework#5508)
- [5523: &#91;Http&#92; Fixes](zendframework#5523)
- [5534: Added ability to set form option useInputFilterDefaults in factory via s...](zendframework#5534)
- [5546: Zend/Mvc/Router encoding issue (Fixes #5516)](zendframework#5546)
- [5551: Fix Zend\Form\Element\Number $inclusive is always true (Fix for #5549)](zendframework#5551)
- [5552: Add driver options to the Oci8 Db adapter](zendframework#5552)
- [5555: &#91;Hotfix&#92; Validator\File classes behaviour with empty value](zendframework#5555)
- [5567: Fixes #4670](zendframework#5567)
- [5570: fix #5428 only read the stream contents once](zendframework#5570)
- [5575: Fix graphme&#95;substr for PHP &gt;= 5.4.18 or &gt;=5.5.1](zendframework#5575)
- [5576: Enable Travis Fast finishing](zendframework#5576)
- [5577: Fix for #4707 pgsql getLastGeneratedValue() Problem](zendframework#5577)
- [5588: More lenient db detection in Logger abstract factory](zendframework#5588)
- [5597: Fix zend server cache](zendframework#5597)
- [5609: Allow RuntimeDefinition to still process explicit classes](zendframework#5609)
- [5613: Test rewrite for avoid test skip. Related #5592](zendframework#5613)
- [5614: Fixed issue with Math\Rand::getInteger() on ranges close to PHP&#95;INT&#95;MAX](zendframework#5614)
- [5623: Adding attributes to fieldsets. Legends are optional for fieldsets.](zendframework#5623)
- [5633: Giving a Warning namespaces to FlashMessager](zendframework#5633)
- [5636: Fix for the implementation of Collection Element](zendframework#5636)
- [5641: &#91;Hotfix&#92; FilePostRedirectGet plugin and form collections](zendframework#5641)
- [5644: Addressing issue #5624. Implemented fix and added test case.](zendframework#5644)
- [5645: Update InArray.php](zendframework#5645)
- [5647: Adding Hungarian translations](zendframework#5647)
- [5659: Fix a fatal error when assert WWW-Authenticate header is sent - Hotfix/5658](zendframework#5659)
- [5669: Fix bug in InjectTemplateListenerTest](zendframework#5669)
- [5672: &#91;cs&#92; cleanup master](zendframework#5672)
- [5677: SetCookie With expiry of over 2038 fail on 32bit systems](zendframework#5677)
- [5680: Update BlockCipher.php](zendframework#5680)
- [5691: Input Factory supports &quot;break&#95;on&#95;failure&quot; option](zendframework#5691)
- [5707: update userguide manual link](zendframework#5707)
- [5714: Change hardcoded event name by its constant.](zendframework#5714)
- [5718: added a submodule loading to testCanLoadMultipleModules](zendframework#5718)
- [5729: Fixed module loader to work with *.tar modules in IIS7.5 on Win 2008 R2](zendframework#5729)
- [5739: &#91;BUGFIX&#92; DI fails with CompilerDefinition; solves #5738](zendframework#5739)
- [5746: Remove hydrator from collections](zendframework#5746)
- [5749: shortcircuit rendering if no messages](zendframework#5749)
- [5750: Change error message when no role found](zendframework#5750)
- [5752: Get an abstract defined service from an alias](zendframework#5752)
- [5754: Fixed gz decompress check for false](zendframework#5754)
- [5755: More explicit name for requested name](zendframework#5755)
- [5761: fixed typo](zendframework#5761)
- [5762: remove unneeded createService functions that actually do same with base class ( AbstractPluginManagerFactory )](zendframework#5762)
- [5768: FIX #5767 Zend\Db\Sql\Select: getRawState('order') is inconsistent](zendframework#5768)
- [5771: Fix escaped special chars in urlencoded parameters string incorrectly normalized](zendframework#5771)
- [5772: Zend\Config\Processor\Token converts boolean to string](zendframework#5772)
- [5773: Hotfix for #5772: token processor should not cast booleans to strings](zendframework#5773)
- [5775: Update Predicate.php](zendframework#5775)
- [5781: Support PHPUnit 3.8+ compatibility](zendframework#5781)
- [5782: remove unneeded key &quot;name&quot; under &quot;input&#95;filter&quot; per-element in FormAbstractServiceFactoryTest](zendframework#5782)
- [5786: Correct references toPHPUnit&#95;Runner&#95;Version::VERSION](zendframework#5786)
- [5788: Zend\Filter\Compress\Bz2 and Gz should be fully PHP &gt;= 5.4 compatible](zendframework#5788)
- [5796: \Zend\Form\Element\Email, with multiple=true leads to &ldquo;Array to string conversion&rdquo;](zendframework#5796)
- [5808: Fixes #5796](zendframework#5808)
- [5813: Fixed the classmap autoloader to work under Windows in Phar files.](zendframework#5813)
- [5814: Fix validate non required fields in CollectionInputFilter](zendframework#5814)
- [5815: Usage of a function in loops should be avoided](zendframework#5815)
- [5820: &#91;Zend\InputFilter\InputFilter&#92; SetValidationGroup() VALIDATE&#95;ALL not working recursively](zendframework#5820)
- [5824: Remove HTTP client restriction on cookies](zendframework#5824)
- [5830: Run Travis build also on PHP 5.6](zendframework#5830)
- [5831: Fixes #4926](zendframework#5831)
- [5833: Avoid function usage in loops](zendframework#5833)
- [5836: Fixes #3773](zendframework#5836)
- [5838: Fix Zend\Test for custom response usage](zendframework#5838)
- [5839: &#91;Zend\Filter\Compress&#92; added PHP 5.4 support for strings in Bz2 and Gz decompress](zendframework#5839)
- [5846: Enabling the Request object to generate the correct scheme for SSL URI ](zendframework#5846)
- [5848: Test and quick fix #5847](zendframework#5848)
- [5861: Post/Redirect/Get should keep query parameters](zendframework#5861)
- [5868: Fixes #4993](zendframework#5868)
- [5870: SSL CA File support.](zendframework#5870)
- [5871: Add processor support to the Logger options.](zendframework#5871)
- [5874: Update NotEmpty validator to use bitmasking](zendframework#5874)
- [5879: Update NotEmptyTest tests to use data providers where possible](zendframework#5879)
- [5883: Fixes #5648](zendframework#5883)
- [5887: Fixed bug that didn't allow the connection to the SQLite database to be closed](zendframework#5887)
- [5890: Hotfix/5640 for bug in nested Zend\Form\Element\Collection::extract() recursion](zendframework#5890)
- [5891: Nicaraguan phone numbering plan](zendframework#5891)
- [5892: Case-insensitive country for the PhoneNumber validator class](zendframework#5892)
- [5893: Fix bug in json prettyprint](zendframework#5893)
- [5899: fix cs from #5613](zendframework#5899)
- [5900: Fix for #5894 - .il Domain checking](zendframework#5900)
- [5903: Re-added ConstraintKeyObject which is consumed from the AbstractSource w/ test (Fixes #3512)](zendframework#5903)
- [5912: clone problem in datetimeselect form element clone method](zendframework#5912)
- [5913: Hotfix for #5912: wrong datetime select form element cloning logic](zendframework#5913)
- [5916: Zend\Http: Unit tests for multi-line headers](zendframework#5916)

- **ZF2014-01:** Potential XXE/XEE attacks using PHP functions:
  `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`. A new component,
  `ZendXml`, was introduced to mitigate XML eXternal Entity and XML Entity
  Expansion vectors that are present in older versions of libxml2 and/or PHP.
  `Zend\Json\Json::fromXml()` and `Zend\XmlRpc`'s `Response` and `Fault` classes
  were potentially vulnerable to these attacks. If you use either of these
  components, we recommend upgrading immediately.

release-2.1.6

Zend Framework 2.1.6
====================

- **ZF2014-01:** Potential XXE/XEE attacks using PHP functions:
  `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`. A new component,
  `ZendXml`, was introduced to mitigate XML eXternal Entity and XML Entity
  Expansion vectors that are present in older versions of libxml2 and/or PHP.
  `Zend\Json\Json::fromXml()` and `Zend\XmlRpc`'s `Response` and `Fault` classes
  were potentially vulnerable to these attacks. If you use either of these
  components, we recommend upgrading immediately.
Something went wrong with that request. Please try again.