Based on https://github.com/zendframework/zend-form/releases/tag/release-2.2.7 (commit e7477c189ace0e9634ce0b900b4776bfa1f86591 in this repo)

====================

SECURITY FIXES
--------------

- **ZF2014-03:** Potential XSS vector in multiple view helpers due to
  inappropriate HTML attribute escaping. Many view helpers were using the
  `escapeHtml()` view helper in order to escape HTML attributes. This release
  patches them to use the `escapeHtmlAttr()` view helper in these situations.
  If you use form or navigation view helpers, or "HTML element" view helpers
  (such as `gravatar()`, `htmlFlash()`, `htmlPage()`, or `htmlQuicktime()`), we
  recommend upgrading immediately.