Based on https://github.com/zendframework/zend-servicemanager/releases/tag/release-2.1.6 (commit eef6504f81b2abad6c1f6edef58e9e0e3a39dae9 in this repo)
====================
- **ZF2014-01:** Potential XXE/XEE attacks using PHP functions:
`simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`. A new component,
`laminas-xml`, was introduced to mitigate XML eXternal Entity and XML Entity
Expansion vectors that are present in older versions of libxml2 and/or PHP.
`Laminas\Json\Json::fromXml()` and `Laminas\XmlRpc`'s `Response` and `Fault` classes
were potentially vulnerable to these attacks. If you use either of these
components, we recommend upgrading immediately.
Assets
2
-
2013-04-17T13:32:54Z
-
2013-04-17T13:32:54Z
-