Permalink
Browse files

Merge branch 'releases/2.2.6'

Zend Framework 2.2.6
  • Loading branch information...
2 parents ad3385d + 19318af commit 5eae447d46b00a280573b94c398b2f46f45a6903 @weierophinney weierophinney committed Mar 6, 2014
Showing with 166 additions and 3 deletions.
  1. +153 −0 CHANGELOG.md
  2. +12 −2 README.md
  3. +1 −1 library/Zend/Version/Version.php
View
153 CHANGELOG.md
@@ -1,5 +1,146 @@
# CHANGELOG
+## 2.2.6 (2014-03-06)
+
+- [4490: Nonvalid literal value for the boolean type, PDO](https://github.com/zendframework/zf2/pull/4490)
+- [4993: Zend\Db\TableGateway\Feature\FeatureSet::addFeature() at line 69](https://github.com/zendframework/zf2/issues/4993)
+- [5125: Method scanner fixed](https://github.com/zendframework/zf2/pull/5125)
+- [5174: SequenceFeature](https://github.com/zendframework/zf2/issues/5174)
+- [5186: Minor bugfix: Added missing composer dependency (ServiceManager) to Math package](https://github.com/zendframework/zf2/pull/5186)
+- [5221: - Create temporary table instead of create table temporary](https://github.com/zendframework/zf2/pull/5221)
+- [5314: Enable persistent connections for IbmDb2.](https://github.com/zendframework/zf2/pull/5314)
+- [5322: Fixing a bug that causes fatal error when a RowGateway's primary key wer...](https://github.com/zendframework/zf2/pull/5322)
+- [5375: Fixes default type == string](https://github.com/zendframework/zf2/pull/5375)
+- [5383: fix for #4614 breaks error handler using Zend\Log](https://github.com/zendframework/zf2/pull/5383)
+- [5385: Resolves #4708 - adding transparent background support to barcode](https://github.com/zendframework/zf2/pull/5385)
+- [5387: fixes #5062 - No longer throw Filename cannot be empty error](https://github.com/zendframework/zf2/pull/5387)
+- [5401: fixed typos](https://github.com/zendframework/zf2/pull/5401)
+- [5402: Update range of mobile](https://github.com/zendframework/zf2/pull/5402)
+- [5409: [rbac\ Typo](https://github.com/zendframework/zf2/pull/5409)
+- [5411: Update Czech validator messages ](https://github.com/zendframework/zf2/pull/5411)
+- [5412: Zend\Test needs Zend\Console as dependency](https://github.com/zendframework/zf2/pull/5412)
+- [5418: Added isset check for REMOTE_ADDR](https://github.com/zendframework/zf2/pull/5418)
+- [5421: fix typo & wording](https://github.com/zendframework/zf2/pull/5421)
+- [5422: Fix emails that contain lines that start with periods](https://github.com/zendframework/zf2/pull/5422)
+- [5423: Zend\Http\Header\SetCookie not compatible with older versions of pcre (and therefore CentOS)](https://github.com/zendframework/zf2/pull/5423)
+- [5424: Issue 3104: Form\Element "x-..." attributes](https://github.com/zendframework/zf2/pull/5424)
+- [5425: Issue 3249: FormFile does not allow "value" as an attribute](https://github.com/zendframework/zf2/pull/5425)
+- [5432: Problem with Forward Plugin](https://github.com/zendframework/zf2/pull/5432)
+- [5438: fix typo](https://github.com/zendframework/zf2/pull/5438)
+- [5444: fix indentation](https://github.com/zendframework/zf2/pull/5444)
+- [5445: Fixing issue with ModuleAutoloader on Windows](https://github.com/zendframework/zf2/pull/5445)
+- [5447: Di circular dependancies](https://github.com/zendframework/zf2/pull/5447)
+- [5451: Remove duplicate: zend-stdlib is already required](https://github.com/zendframework/zf2/pull/5451)
+- [5452: update master's resources/ja Zend_Validate.php message for 2.2](https://github.com/zendframework/zf2/pull/5452)
+- [5453: add resources/languages/ja/Zend_Captcha.php with Japanese translated](https://github.com/zendframework/zf2/pull/5453)
+- [5457: Zend\Db\Adapter\Driver\PdoResult::current patch](https://github.com/zendframework/zf2/pull/5457)
+- [5464: remove unused use](https://github.com/zendframework/zf2/pull/5464)
+- [5468: Add security disclosure info to README/CONTRIBUTING docs](https://github.com/zendframework/zf2/pull/5468)
+- [5471: Fix typehint for getServiceLocator().](https://github.com/zendframework/zf2/pull/5471)
+- [5472: remove unused use statements](https://github.com/zendframework/zf2/pull/5472)
+- [5476: Zend\Http\Header\SetCookie changed to support empty cookies](https://github.com/zendframework/zf2/pull/5476)
+- [5479: Add element input filters before form input filters](https://github.com/zendframework/zf2/pull/5479)
+- [5495: Hotfix/multiple nested collection test](https://github.com/zendframework/zf2/pull/5495)
+- [5497: fix for fprg](https://github.com/zendframework/zf2/pull/5497)
+- [5499: #5465 use strlen instead of empty](https://github.com/zendframework/zf2/pull/5499)
+- [5502: Update collection recursive extract and populating nested fieldsets](https://github.com/zendframework/zf2/pull/5502)
+- [5507: Fixed usage of imported namespace.](https://github.com/zendframework/zf2/pull/5507)
+- [5508: Specify correct return type for `Pdo\Connection::getLastGeneratedValue`](https://github.com/zendframework/zf2/pull/5508)
+- [5523: [Http\ Fixes](https://github.com/zendframework/zf2/pull/5523)
+- [5534: Added ability to set form option useInputFilterDefaults in factory via s...](https://github.com/zendframework/zf2/pull/5534)
+- [5546: Zend/Mvc/Router encoding issue (Fixes #5516)](https://github.com/zendframework/zf2/pull/5546)
+- [5551: Fix Zend\Form\Element\Number $inclusive is always true (Fix for #5549)](https://github.com/zendframework/zf2/pull/5551)
+- [5552: Add driver options to the Oci8 Db adapter](https://github.com/zendframework/zf2/pull/5552)
+- [5555: [Hotfix\ Validator\File classes behaviour with empty value](https://github.com/zendframework/zf2/pull/5555)
+- [5567: Fixes #4670](https://github.com/zendframework/zf2/pull/5567)
+- [5570: fix #5428 only read the stream contents once](https://github.com/zendframework/zf2/pull/5570)
+- [5575: Fix graphme_substr for PHP >= 5.4.18 or >=5.5.1](https://github.com/zendframework/zf2/pull/5575)
+- [5576: Enable Travis Fast finishing](https://github.com/zendframework/zf2/pull/5576)
+- [5577: Fix for #4707 pgsql getLastGeneratedValue() Problem](https://github.com/zendframework/zf2/pull/5577)
+- [5588: More lenient db detection in Logger abstract factory](https://github.com/zendframework/zf2/pull/5588)
+- [5597: Fix zend server cache](https://github.com/zendframework/zf2/pull/5597)
+- [5609: Allow RuntimeDefinition to still process explicit classes](https://github.com/zendframework/zf2/pull/5609)
+- [5613: Test rewrite for avoid test skip. Related #5592](https://github.com/zendframework/zf2/pull/5613)
+- [5614: Fixed issue with Math\Rand::getInteger() on ranges close to PHP_INT_MAX](https://github.com/zendframework/zf2/pull/5614)
+- [5623: Adding attributes to fieldsets. Legends are optional for fieldsets.](https://github.com/zendframework/zf2/pull/5623)
+- [5633: Giving a Warning namespaces to FlashMessager](https://github.com/zendframework/zf2/pull/5633)
+- [5636: Fix for the implementation of Collection Element](https://github.com/zendframework/zf2/pull/5636)
+- [5641: [Hotfix\ FilePostRedirectGet plugin and form collections](https://github.com/zendframework/zf2/pull/5641)
+- [5644: Addressing issue #5624. Implemented fix and added test case.](https://github.com/zendframework/zf2/pull/5644)
+- [5645: Update InArray.php](https://github.com/zendframework/zf2/pull/5645)
+- [5647: Adding Hungarian translations](https://github.com/zendframework/zf2/pull/5647)
+- [5659: Fix a fatal error when assert WWW-Authenticate header is sent - Hotfix/5658](https://github.com/zendframework/zf2/pull/5659)
+- [5669: Fix bug in InjectTemplateListenerTest](https://github.com/zendframework/zf2/pull/5669)
+- [5672: [cs\ cleanup master](https://github.com/zendframework/zf2/pull/5672)
+- [5677: SetCookie With expiry of over 2038 fail on 32bit systems](https://github.com/zendframework/zf2/pull/5677)
+- [5680: Update BlockCipher.php](https://github.com/zendframework/zf2/pull/5680)
+- [5691: Input Factory supports "break_on_failure" option](https://github.com/zendframework/zf2/pull/5691)
+- [5707: update userguide manual link](https://github.com/zendframework/zf2/pull/5707)
+- [5714: Change hardcoded event name by its constant.](https://github.com/zendframework/zf2/pull/5714)
+- [5718: added a submodule loading to testCanLoadMultipleModules](https://github.com/zendframework/zf2/pull/5718)
+- [5729: Fixed module loader to work with *.tar modules in IIS7.5 on Win 2008 R2](https://github.com/zendframework/zf2/pull/5729)
+- [5739: [BUGFIX\ DI fails with CompilerDefinition; solves #5738](https://github.com/zendframework/zf2/pull/5739)
+- [5746: Remove hydrator from collections](https://github.com/zendframework/zf2/pull/5746)
+- [5749: shortcircuit rendering if no messages](https://github.com/zendframework/zf2/pull/5749)
+- [5750: Change error message when no role found](https://github.com/zendframework/zf2/pull/5750)
+- [5752: Get an abstract defined service from an alias](https://github.com/zendframework/zf2/pull/5752)
+- [5754: Fixed gz decompress check for false](https://github.com/zendframework/zf2/pull/5754)
+- [5755: More explicit name for requested name](https://github.com/zendframework/zf2/pull/5755)
+- [5761: fixed typo](https://github.com/zendframework/zf2/pull/5761)
+- [5762: remove unneeded createService functions that actually do same with base class ( AbstractPluginManagerFactory )](https://github.com/zendframework/zf2/pull/5762)
+- [5768: FIX #5767 Zend\Db\Sql\Select: getRawState('order') is inconsistent](https://github.com/zendframework/zf2/pull/5768)
+- [5771: Fix escaped special chars in urlencoded parameters string incorrectly normalized](https://github.com/zendframework/zf2/pull/5771)
+- [5772: Zend\Config\Processor\Token converts boolean to string](https://github.com/zendframework/zf2/issues/5772)
+- [5773: Hotfix for #5772: token processor should not cast booleans to strings](https://github.com/zendframework/zf2/pull/5773)
+- [5775: Update Predicate.php](https://github.com/zendframework/zf2/pull/5775)
+- [5781: Support PHPUnit 3.8+ compatibility](https://github.com/zendframework/zf2/pull/5781)
+- [5782: remove unneeded key "name" under "input_filter" per-element in FormAbstractServiceFactoryTest](https://github.com/zendframework/zf2/pull/5782)
+- [5786: Correct references toPHPUnit_Runner_Version::VERSION](https://github.com/zendframework/zf2/pull/5786)
+- [5788: Zend\Filter\Compress\Bz2 and Gz should be fully PHP >= 5.4 compatible](https://github.com/zendframework/zf2/issues/5788)
+- [5796: \Zend\Form\Element\Email, with multiple=true leads to “Array to string conversion”](https://github.com/zendframework/zf2/issues/5796)
+- [5808: Fixes #5796](https://github.com/zendframework/zf2/pull/5808)
+- [5813: Fixed the classmap autoloader to work under Windows in Phar files.](https://github.com/zendframework/zf2/pull/5813)
+- [5814: Fix validate non required fields in CollectionInputFilter](https://github.com/zendframework/zf2/pull/5814)
+- [5815: Usage of a function in loops should be avoided](https://github.com/zendframework/zf2/pull/5815)
+- [5820: [Zend\InputFilter\InputFilter\ SetValidationGroup() VALIDATE_ALL not working recursively](https://github.com/zendframework/zf2/pull/5820)
+- [5824: Remove HTTP client restriction on cookies](https://github.com/zendframework/zf2/pull/5824)
+- [5830: Run Travis build also on PHP 5.6](https://github.com/zendframework/zf2/pull/5830)
+- [5831: Fixes #4926](https://github.com/zendframework/zf2/pull/5831)
+- [5833: Avoid function usage in loops](https://github.com/zendframework/zf2/pull/5833)
+- [5836: Fixes #3773](https://github.com/zendframework/zf2/pull/5836)
+- [5838: Fix Zend\Test for custom response usage](https://github.com/zendframework/zf2/pull/5838)
+- [5839: [Zend\Filter\Compress\ added PHP 5.4 support for strings in Bz2 and Gz decompress](https://github.com/zendframework/zf2/pull/5839)
+- [5846: Enabling the Request object to generate the correct scheme for SSL URI ](https://github.com/zendframework/zf2/pull/5846)
+- [5848: Test and quick fix #5847](https://github.com/zendframework/zf2/pull/5848)
+- [5861: Post/Redirect/Get should keep query parameters](https://github.com/zendframework/zf2/pull/5861)
+- [5868: Fixes #4993](https://github.com/zendframework/zf2/pull/5868)
+- [5870: SSL CA File support.](https://github.com/zendframework/zf2/pull/5870)
+- [5871: Add processor support to the Logger options.](https://github.com/zendframework/zf2/pull/5871)
+- [5874: Update NotEmpty validator to use bitmasking](https://github.com/zendframework/zf2/pull/5874)
+- [5879: Update NotEmptyTest tests to use data providers where possible](https://github.com/zendframework/zf2/pull/5879)
+- [5883: Fixes #5648](https://github.com/zendframework/zf2/pull/5883)
+- [5887: Fixed bug that didn't allow the connection to the SQLite database to be closed](https://github.com/zendframework/zf2/pull/5887)
+- [5890: Hotfix/5640 for bug in nested Zend\Form\Element\Collection::extract() recursion](https://github.com/zendframework/zf2/pull/5890)
+- [5891: Nicaraguan phone numbering plan](https://github.com/zendframework/zf2/pull/5891)
+- [5892: Case-insensitive country for the PhoneNumber validator class](https://github.com/zendframework/zf2/pull/5892)
+- [5893: Fix bug in json prettyprint](https://github.com/zendframework/zf2/pull/5893)
+- [5899: fix cs from #5613](https://github.com/zendframework/zf2/pull/5899)
+- [5900: Fix for #5894 - .il Domain checking](https://github.com/zendframework/zf2/pull/5900)
+- [5903: Re-added ConstraintKeyObject which is consumed from the AbstractSource w/ test (Fixes #3512)](https://github.com/zendframework/zf2/pull/5903)
+- [5912: clone problem in datetimeselect form element clone method](https://github.com/zendframework/zf2/issues/5912)
+- [5913: Hotfix for #5912: wrong datetime select form element cloning logic](https://github.com/zendframework/zf2/pull/5913)
+- [5916: Zend\Http: Unit tests for multi-line headers](https://github.com/zendframework/zf2/pull/5916)
+
+### SECURITY UPDATES
+
+- **ZF2014-01:** Potential XXE/XEE attacks using PHP functions:
+ `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`. A new component,
+ `ZendXml`, was introduced to mitigate XML eXternal Entity and XML Entity
+ Expansion vectors that are present in older versions of libxml2 and/or PHP.
+ `Zend\Json\Json::fromXml()` and `Zend\XmlRpc`'s `Response` and `Fault` classes
+ were potentially vulnerable to these attacks. If you use either of these
+ components, we recommend upgrading immediately.
+
## 2.2.5 (2013-10-31)
- [4604: Zend\Json\Server\Server::addFunction instantiates new class even an object was given as callable](https://github.com/zendframework/zf2/issues/4604)
@@ -461,6 +602,18 @@ users.
The above change will only affect you if you were manually injecting a
translator instance into your validators.
+## 2.1.6 (06 Mar 2014):
+
+### SECURITY UPDATES
+
+- **ZF2014-01:** Potential XXE/XEE attacks using PHP functions:
+ `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`. A new component,
+ `ZendXml`, was introduced to mitigate XML eXternal Entity and XML Entity
+ Expansion vectors that are present in older versions of libxml2 and/or PHP.
+ `Zend\Json\Json::fromXml()` and `Zend\XmlRpc`'s `Response` and `Fault` classes
+ were potentially vulnerable to these attacks. If you use either of these
+ components, we recommend upgrading immediately.
+
## 2.1.5 (17 Apr 2013):
- 2536: `Zend\Validate` translations out of date
View
14 README.md
@@ -5,14 +5,24 @@ Develop: [![Build Status](https://secure.travis-ci.org/zendframework/zf2.png?bra
## RELEASE INFORMATION
-*Zend Framework 2.2.6dev*
+*Zend Framework 2.2.6*
This is the sixth maintenance release for the 2.2 series.
-DD MMM YYYY
+06 Mar 2014
### UPDATES IN 2.2.6
+**This release contains security updates:**
+
+- **ZF2014-01:** Potential XXE/XEE attacks using PHP functions:
+ `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`. A new component,
+ `ZendXml`, was introduced to mitigate XML eXternal Entity and XML Entity
+ Expansion vectors that are present in older versions of libxml2 and/or PHP.
+ `Zend\Json\Json::fromXml()` and `Zend\XmlRpc`'s `Response` and `Fault` classes
+ were potentially vulnerable to these attacks. If you use either of these
+ components, we recommend upgrading immediately.
+
Please see [CHANGELOG.md](CHANGELOG.md).
### SYSTEM REQUIREMENTS
View
2 library/Zend/Version/Version.php
@@ -19,7 +19,7 @@
/**
* Zend Framework version identification - see compareVersion()
*/
- const VERSION = '2.2.6dev';
+ const VERSION = '2.2.6';
/**
* Github Service Identifier for version information is retrieved from

0 comments on commit 5eae447

Please sign in to comment.