Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


This is the second maintenance release for the 2.0 series.
21 Sep 2012

- 2383: Changed unreserved char definition in Zend\Uri (ZF2-533) and added shell
  escaping to the test runner (zendframework#2383)
- 2393: Trying to solve issue ZF2-558
- 2398: Segment route: add fix for optional groups within optional groups
- 2400: Use 'Router' in http env and 'HttpRouter' in cli
- 2401: Better precision for userland fmod algorithm


This is the first maintenance release for the 2.0 series.
20 Sep 2012

- 2285: Seed RouteMatch params as long as params is set. This permits setting an
  empty array. (zendframework#2285)
- 2286: prepareNotFoundViewModel listner -  eventResult as ViewModel if set
- 2290: <span>$label</span> only when filled
- 2292: Allow (int)0 in coomments count in entry feed
- 2295: force to check className parameters
- 2296: mini-fix in controller plugin manager
- 2297: fixed phpdoc in Zend\Mvc\ApplicationInterface
- 2298: Update to Date element use statements to make it clearer which DateTime
- 2300: FormRow translate label fix (#ZF2-516)
- 2302: Notifications now to
- 2306: Fix several cs (zendframework#2306)
- 2307: Removed comment about non existent Zend_Tool
- 2308: Fix pluginmanager get method error
- 2309: Add consistency with event name
- 2310: Update library/Zend/Db/Sql/Select.php
- 2311: Version update (zendframework#2311)
- 2312: Validator Translations (zendframework#2312)
- 2313: ZF2-336: Zend\Form adds enctype attribute as multipart/form-data
- 2317: Make Fieldset constructor consistent with parent Element class
- 2321: ZF2-534 Zend\Log\Writer\Syslog prevents setting application name
- 2322: Jump to cache-storing instead of returning
- 2323: Conditional statements improved(minor changes).
- 2324: Fix for ZF2-517: Zend\Mail\Header\GenericHeader fails to parse empty
  header (zendframework#2324)
- 2328: Wrong \__clone method (zendframework#2328)
- 2331: added validation support for optgroups
- 2332: README-GIT update with optional pre-commit hook
- 2334: Mail\Message::getSubject() should return value the way it was set
- 2335: ZF2-511 Updated refactored names and other fixes
- 2336: ZF-546 Remove duplicate check for time
- 2337: ZF2-539 Input type of image should not have attribute value
- 2338: ZF2-543: removed linked but not implemented cache adapters
- 2341: Updated Zend_Validate.php pt_BR translation to 25.Jul.2011 EN Revision
- 2342: ZF2-549 Zend\Log\Formatter\ErrorHandler does not handle complex events
- 2346: updated Page\Mvc::isActive to check if the controller param was
  tinkered (zendframework#2346)
- 2349: Zend\Feed Added unittests for more code coverage
- 2350: Bug in Zend\ModuleManager\Listener\LocatorRegistrationListener
- 2351: ModuleManagerInterface is never used
- 2352: Hotfix for AbstractDb and Csrf Validators
- 2354: Update library/Zend/Feed/Writer/AbstractFeed.php
- 2355: Allow setting CsrfValidatorOptions in constructor
- 2356: Update library/Zend/Http/Cookies.php
- 2357: Update library/Zend/Barcode/Object/AbstractObject.php
- 2358: Update library/Zend/ServiceManager/AbstractPluginManager.php
- 2359: Update library/Zend/Server/Method/Parameter.php
- 2361: Zend\Form Added extra unit tests and some code improvements
- 2364: Remove unused use statements
- 2365: Resolve undefined classes and constants
- 2366: fixed typo in Zend\View\HelperPluginManager
- 2370: Error handling in AbstractWriter::write using Zend\Stdlib\ErrorHandler
- 2372: Update library/Zend/ServiceManager/Config.php
- 2375: zend-inputfilter already requires
- 2376: Activate the new GitHub feature: Contributing Guidelines
- 2377: Update library/Zend/Mvc/Controller/AbstractController.php
- 2379: Typo in property name in Zend/Db/Metadata/Object/AbstractTableObject.php
- 2382: PHPDoc params in AbstractTableGateway.php
- 2384: Replace Router with Http router in url view helper
- 2387: Replace PHP internal fmod function because it gives false negatives
- 2388: Proposed fix for ZF2-569 validating float with trailing 0's (10.0,
  10.10) (zendframework#2388)
- 2391: clone in Filter\FilterChain
- Security fix: a number of classes were not using the Escaper component in
  order to perform URL, HTML, and/or HTML attribute escaping. Please see for more details.


Zend Framework 2.0.0

This is the first stable release of the new version 2 release branch.

04 September 2012


New and/or refactored components include:

- EventManager - provides subject/observer, pubsub, aspect-oriented programming,
  signal slots, and event systems for your applications.
- ServiceManager - provides an Inversion of Control (IoC) container for managing
  object life-cycles and dependencies via a configurable and programmable
- DI - provides a Dependency Injection Container, another form of IoC.
- MVC - a newly written MVC layer for ZF2, using controllers as services, and
  wiring everything together using events.
- ModuleManager - a solution for providing plug-and-play functionality for
  either MVC applications or any application requiring pluggable 3rd party code.
  Within ZF2, the ModuleManager provides the MVC with services, and assists in
  wiring events.
- Loader - provides new options for autoloading, including standard, performant
  PSR-0 loading and class-map-based autoloading.
- Code - provides support for code reflection, static code scanning, and
  annotation parsing.
- Config - more performant and more flexible configuration parsing and creation.
- Escaper - a new component for providing context-specific escaping solutions
  for HTML, HTML attributes, CSS, JavaScript, and combinations of contexts as
- HTTP - rewritten to provide better header, request, and response abstraction.
- I18n - a brand new internationalization and localization layer built on top of
  PHP's ext/intl extension.
- InputFilter - a new component for providing normalization and validation of
  sets of data.
- Form - rewritten from the ground up to properly separate validation, domain
  modeling, and presentation concerns. Allows binding objects to forms, defining
  forms and input filters via annotations, and more.
- Log - rewritten to be more flexible and provide better capabilities
  surrounding message formats and filtering.
- Mail - rewritten to separate concerns more cleanly between messages and
- Session - rewritten to make testing easier, as well as to make it more
  configurable for end users.
- Uri - rewritten to provide a cleaner, more object oriented interface.

Many components have been ported from Zend Framework 1, and operate in
practically identical manners to their 1.X equivalent. Others, such as the
service components, have been moved to their own repositories to ensure that as
APIs change, they do not need to wait on the framework to release new versions.

Welcome to a new generation of Zend Framework!


Zend Framework 2.0.0rc7
This is the seventh release candidate for 2.0.0. At this time, we anticipate
that this will be the final release candidate before issuing a stable release.
We highly recommend testing your production applications against it.

31 August 2012

- Zend\Di
  - Fixes ArrayDefinition and ClassDefinition hasMethods() methods to return
    boolean values.
- Zend\Form
  - Fixes issue with multi-checkbox rendering.
- Zend\I18n
  - DateFormat view helper now correctly falls back to date.timezone setting
    instead of system timezone.
- Zend\Ldap
  - Fixes an error nesting condition
- Zend\Log
  - Fixes an issue with Zend\Log\Formatter\Simple whereby it was using a legacy
    key ("info") instead of the key standardized upon in ZF2 ("extra").
  - Simple formatter now defaults to JSON-encoding for array and object
    serialization (prevents issues with some writers.)
- Zend\Mail
  - The Date header is now properly encoded as ASCII.
- Zend\Mvc
  - Fixes an issue in the ViewHelperManagerFactory whereby a condition was
    testing against an uninitialized value.
  - Added zend-console to composer.json dependencies.
- Zend\View
  - Breadcrumbs helper allows passing string container name now, allowing
    multiple navigation containers.
  - ServerUrl now works for servers behind proxies.


Zend Framework 2.0.0rc6
This is the sixth release candidate for 2.0.0. At this time, we anticipate that
this will be the final release candidate before issuing a stable release.
We highly recommend testing your production applications against it.

29 August 2012

- Zend\Config
  - The INI adapter now allows bracket notation for appending values to an array
    within INI definitions.
- Zend\Db
  - ResultInterface adds isBuffered() method for checking if the resultset is
    buffered or not. Allows for more fine grained control of result set
    buffering, including using the database engine's native buffering.
  - Insertions with multi-part keys now work properly.
  - Expression objects may now be passed to the order() method of a Select
- Zend\Form
  - You can now omit error messages on elements when rendering via formRow(), by
    passing a boolean false as the third argument of the helper.
  - You can now use concrete hydrator instances with the factory.
  - You may now set the CSRF validator class and/or options to use on the Csrf
  - The Select, Radio, and MultiCheckbox elements and view helpers were
    refactored to move value options into properties, instead of attributes.
    This makes them more consistent with other elements, and simplifies the
  - Forms now lazy-load an input filter if none has been specified; this should
    simplify usage for many, and remove the "no input filter attached"
  - All form helpers for buttons (button, submit, reset) now allow translation.
  - The formRow() view helper now allows you to set the CSS class used to
    designate an input with errors.
- Zend\Http
  - Some browser/web server combingations set SERVER_NAME to the IPv6 address,
    and enclose it in brackets. The PhpEnvironment\Request object now correctly
    detects such situations.
  - The Socket client will only fallback to SSLv3 if the ssltransport
    configuration key is not set (instead of also allowing SSLv2).
- Zend\I18n\Translator
  - Loader\LoaderInterface was splitted into Loader\FileLoaderInterface and
    Loader\RemoteLoaderInterface. The latter one will be used in ZF 2.1 for
    a database loader.
  - Translator::addTranslationPattern() and the option "translation_patterns"
    were renamed to Translator::addTranslationFilePattern and
  - A new method Translator::addRemoteTranslations() was added.
- Zend\Mvc
  - Application no longer defines the "application" identifier for its composed
    EventManager instance. If you had listeners listening on that context,
    update them to use "Zend\Mvc\Application". See this thread for more details:

  - The redirect plugin's toRoute() method signature is now synced with that of
    the url plugin's fromRoute() method.
  - The PRG plugin now allows passing no arguments; if you do so, the currently
    matched route will be used for the redirect.
- Zend\Paginator
  - Removes the factory() and related methods. This was done to be more
    consistent with other components, and also because the utility was not
    terribly useful; in most cases, developers needed to configure the adapter
    up-front anyways.
- Zend\Stdlib
  - ClassMethods Hydrator now supports boolean getters prefixed with "is".
- Zend\Validator
  - DB validators no longer mix positional and named parameters.

More than 30 pull requests for a variety of features and bugfixes were handled
since RC5, as well as almost 20 documentation changes!


Zend Framework 2.0.0rc5
This is the fifth release candidate for 2.0.0. We will be releasing RCs
on a weekly basis until we feel all critical issues are addressed. At
this time, we anticipate few API changes before the stable release, and
recommend testing your production applications against it.

23 August 2012

- Zend\Db
  - Now handles null values properly in execute mode.
  - Added SqlSrv integration tests (prompted by a bug report of issues with
    establishing a connection).
- Zend\Form
  - The FormButton helper now allows translation. However, to make this work, it
    now requires that the label value is set in the element.
  - Fixed an issue with the MultiCheckBox helper to ensure checked/unchecked
    values are properly populated.
  - The FormCheckbox view helper now requires that the element is a Checkbox
    element; this is done to ensure the required options are available.
- Zend\Log
  - The table name constructor option is now optional, allowing you to pass it
    in a configuration array.
  - Now allows using DateTime with the Db Writer.
- Zend\Http
  - Added ability to set the SSL capath option.
  - Added a check for the sslcapath being set if sslverifypeer is enabled when
    first connecting to an SSL-enabled site; an exception is thrown if all
    conditions are not met.
  - PhpEnvironment\Request object now falls back to '/' for the base path if the
    SCRIPT_FILENAME server variable is not present (true in PHP 5.4 web server
    and several others).
- Zend\I18n
  - Caching translations now works.
- Zend\Mvc
  - forward() plugin no longer results in double template rendering.
- Zend\ServiceManager
  - Now ensures that when $allowOverride is enabled that services registered
    with the same name overwrite properly.
- Zend\Validator
  - The Uri validator is now listed in the validator plugin manager.
  - The EmailAddress validator now allows setting custom error messages.
- General fixes
  - Removed all locations of error suppression remaining in the framework.
  - Synced the implementations of Zend\Mvc\Controller\Plugin\Url and

More than 20 pull requests for a variety of features and bugfixes were handled
since RC4, as well as around 30 documentation changes!


Zend Framework 2.0.0rc4
This is the fourth release candidate for 2.0.0. We will be releasing RCs
on a weekly basis until we feel all critical issues are addressed. At
this time, we anticipate few API changes before the stable release, and
recommend testing your production applications against it.

17 August 2012

- Zend\Db
  - RowGateway:  delete() now works; RowGateway objects now no longer duplicates
    the content internally leading to a larger than necessary memory footprint.
  - Adapter for PDO: fixed such that all calls to rowCount() will always be an
    integer; also fixed disconnect() from unsetting property
  - Zend\Validator\Db: fixed such that TableIdentifier can be used to promote
    schema.table identifiers
  - Sql\Select: added reset() API to reset parts of a Select object, also
    includes updated constants to refer to the parts by
  - Sql\Select and others: Added subselect support in Select, In Expression and
    the processExpression() abstraction for Zend\Db\Sql
  - Metadata: fixed various incorrect keys when refering to contstraint data in
    metadata value objects
- Zend\Filter
  - StringTrim filter now properly handles unicode whitespace
- Zend\Form
  - FieldsetInterface now defines the methods allowObjectBinding() and
  - New interface, FieldsetPrepareAwareInterface. Collection and Fieldset both
    implement this.
    - See zendframework#2184 for details
  - Select elements now handle options and validation more consistently with
    other multi-value elements.
- Zend\Http
  - SSL options are now propagated to all Socket Adapter subclasses
- Zend\InputFilter
  - Allows passing ValidatorChain and FilterChain instances to the factory
- Zend\Log
  - Fixed xml formatter to not display empty extra information
- Zend\Loader
  - SplAutoloader was renamed to SplAutoloaderInterface (consistency issue)
- Zend\Mvc
  - params() helper now allows fetching full parameter containers if no
    arguments are provided to its various methods (consistency issue)
- Zend\Paginator
  - The DbSelect adapter now works
- Zend\View
  - ViewModel now allows unsetting variables properly
- Security
  - Fixed issues in Zend\Dom, Zend\Soap, Zend\Feed, and Zend\XmlRpc with regards
    to the way libxml2 allows xml entity expansion from DOCTYPE entities when it
    is provided.

Around 50 pull requests for a variety of features and bugfixes were handled
since RC3, as well as almost 30 documentation changes!


Zend Framework 2.0.0rc2
This is the second release candidate for 2.0.0. We will be releasing RCs
on a weekly basis until we feel all critical issues are addressed. At
this time, we anticipate few API changes before the stable release, and
recommend testing your production applications against it.

01 August 2012

 - REALLY removed Zend\Markup from the repository (we reported it
   removed for RC1, and had in fact created the repository for it, but
   not removed it from the zf2 repository).
 - Addition of Hydrator strategies, to allow easier hydration of
   composed objects. The HydratorInterface remains unchanged, but the
   shipped hydrators now all implement both that and the new
 - Zend\View\Model\ViewModel::setVariables() no longer overwrites the
   internal variables container by default. If you wish to do so, it
   does provide an optional $overwrite argument; passing a boolean true
   will cause the method to overwrite the container.
 - Zend\Validator\Iban was expanded to include Single Euro Payments Area
   (SEPA) support
 - Zend\Mvc\Controller\ControllerManager now allows fetching controllers
   via DI. This is done via a new DiStrict abstract service factory,
   which only fetches services in a provided whitelist.
 - Zend\Json\Encoder now accepts IteratorAggregates.
 - Controller, Filter, and Validator plugin managers were fixed to no
   longer share instances.
 - Zend\Form was updated to only bind values that were actually provided
   in the data. Additionally, if a Collection has no entries, it will be
   removed from the validation group. Finally, elements with the name
   "0" (zero) are now allowed.
 - Zend\View\Helper\Doctype was updated to respond true to isRdfa() when
   the doctype is an HTML5 variant.
 - Zend\Navigation was fixed to ensure the navigation services is passed
   correctly between helpers. Additionally, a bug in Mvc::isActive() was
   fixed to ensure routes were properly seeded.
 - The GreaterThan and LessThan validators were updated to pass
   constructor arguments to the parents, for consistency with other
 - Log formatters are now responsible for formatting DateTime values in
   the log events.
 - The Console ViewManager was updated to extend from the standard HTTP
   version, and to use Config instead of Configuration, fixing several
   minor issues.
 - Zend\Version was moved to Zend\Version\Version (for consistency)
 - Zend\Debug was moved to Zend\Debug\Debug (for consistency)
 - All protected members that still had underscore prefixes were
   refactored to remove that prefix.
 - Identified and fixed all CS issues as identified by php-cs-fixer, and
   added php-cs-fixer to the Travis-CI build tasks.
 - ServiceManagerAwareInterface was removed from all but the most
   necessary locations, and replaced with ServiceLocatorAwareInterface.
 - Zend\Feed\Reader, Zend\Dom, Zend\Serializer\Wddx, and Zend\Soap were
   not properly protecting against XXE injections; these situations have
   now been corrected.

Around *70* pull requests for a variety of features and bugfixes were handled
since beta5!


*Zend Framework 2.0.0rc1*
This is the first release candidate for 2.0.0. We will be releasing RCs
on a weekly basis until we feel all critical issues are addressed. At
this time, we anticipate no API changes before the stable release, and
recommend testing your production applications against it.

25 July 2012

 - Documentation
   - is now in a new repository,
   - Documentation has been converted from DocBook5 to ReStructured Text
     (reST or rst).
 - Coding standards fixes
   - We are (mostly) PSR-2 compliant at this time
 - Moved all Service components, include Cloud, GData, OAuth, OpenID,
   and Rest to separate repositories under the zendframework
   organization on GitHub. This will allow them to be versioned
   separately, which allows them to break backwards compatibility when
   necessitated by API changes.
 - Removed Zend\InfoCard as InfoCard has been declared obsolete by
 - Removed Zend\Registry; without the singleton nature, it was confusing
   and no longer relevant.
 - Removed Zend\Test component. Most features are now part of PHPUnit,
   and the others were ZF1-specific.
 - Removed Zend\Wildfire, as its API was specific to ZF1, and because we
   can easily leverage FirePHP at this time.
 - Removed Zend\DocBook, as it was primarily to assist in creating
   DocBook5 skeletons for the manual; since we've moved to rst, this is
   no longer relevant.
 - Removed Zend\Dojo, as the implementation was ZF1 specific, and
   out-of-date with recent Dojo releases.
 - Moved Amf, Markup, Pdf, Queue, Search, and TimeSync to separate
   repositories, as their APIs are not yet stable. PDF will be released
   with 2.0.0rc1, but only to provide a dependency for Zend\Barcode.
 - Renamed any classes, properties, or methods referencing the word
   "configuration" to read "config" instead; this provides consistency
   internally, and with the Zend\Config component.
 - Moved Zend\Acl to Zend\Permissions\Acl.
 - Console
   - Added features for console routing, providing more flexibility over the
     traditional Getopt methodology.
   - Added colorization, tables, prompts, and a variety of other interactive
   - Added ability to use controllers to respond to console routes.
 - Crypt, Math, Filter\Encrypt and Filter\Decrypt
   - Random number generation was consolidated to Zend\Math.
   - Removed the Mcrypt adapter in Filter and replaced with a
     BlockCipher algorithm.
 - DB
   - Metadata now understands enums and sets
   - Added Replace SQL statement type
   - AbstractRowGateway provides more cohesive access to field values.
 - EventManager
   - The first call to setSharedManager() will now seed the
     StaticEventManager, in order to match user expectations that the
     shared event manager is the same everywhere.
 - Form
   - Select-style elements now have options populated as value => label
     pairs instead of label => value pairs. This is done to ensure that
     option values are unique.
   - Added getValue() and setValue() to the ElementInterface to make a
     semantic distinction between an element value and attributes. This
     allows for easier handling of non-string or calculated values, such
     as those found in the Csrf and DateTime-family of elements.
   - getMessages() now omits any elements that have an empty messages
   - Allows removing elements from Collections
   - Fixed default validators for MultiCheckbox and Radio elements
   - Custom options are now allowed for all elements, fieldsets, and
   - Labels and several other view helpers are now translator-capable
 - Http
   - set/getServer() and set/getEnv() were removed from Http\Request
     and now part of Http\PhpEnvironment\Request
   - set/getFile() methods in Http\PhpEnvironment\Request
     were renamed to set/getFiles(). Also above methods
   - When submitted form has file inputs with brackets (name="file[]")
     $fileParams parameters in Http\PhpEnvironment\Request will be
     re-structured to have the same look as query/post/server/envParams
   - each of get(Post|Query|Headers|Files|Env|Server) were provided with
     two optional arguments, a specific key to retrieve, and a default
     value to return if not found.
   - Accept header parsing is more robust with regards to priority.
 - InputFilter
   - Added ability to retrieve input objects
 - I18n
   - Moved Zend\I18n\Validator\Iban to Zend\Validator\Iban
     and replaced the option "locale" with "country_code"
 - Json
   - Enabled a number of additional flags for json_encode
 - Loader
   - Removed the PrefixPathLoader, and replaced all usages of it in the
     framework with custom AbstractPluginManager implementations; this
     includes Zend\Feed, Zend\Text, and Zend\File\Transfer.
 - Log
   - Added a MongoDB log writer
   - Added a FirePHP log writer
   - Refactored how filters are instantiated and managed to use an
     AbstractPluginManager instance.
 - Mail
   - Added a MessageId header class
 - ModuleManager
   - Made it possible to substitute alternate ServiceListener
   - Moved default service configuration from the ModuleManager to the
 - MVC
   - Fixed a potential security issue in the ControllerLoader whereby
     arbitrary, non-controller classes could be instantiated. This
     involves removing the ability to fetch controllers via the DI Proxy
     (a minor backwards compatibility break).
   - Restful controller now provides a simpler way to marshal input data
     and override the default behavior.
   - Most View-related services were moved to their own factories to
     allow easier overriding by developers.
   - New PostRedirectGet plugin, to simplify PRG strategies for form
 - Serializer was refactored to make better use of PHP 5.3 features and
   to simplify the API.
 - ServiceManager
   - Allow passing the SM instance to initializers
   - Allow specifying the classname of an InitializerInterface
     implementation to addInitializer()
 - Validator
   - ValidatorChain now has a getValidators() method
   - InArray validator now does context-aware strict checks to prevent
     false positive matches, fixing a potential security vulnerability.
 - View
   - New AbstractTranslatorHelper, for helpers that should allow

Almost *200* pull requests for a variety of features and bugfixes were handled
since beta5!
Something went wrong with that request. Please try again.