Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

84 lines (52 sloc) 3.36 kB

Welcome to the Zend Framework 2.2 Release!

Master: Build Status Develop: Build Status


Zend Framework 2.2.6

This is the sixth maintenance release for the 2.2 series.

06 Mar 2014


This release contains security updates:

  • ZF2014-01: Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse. A new component, ZendXml, was introduced to mitigate XML eXternal Entity and XML Entity Expansion vectors that are present in older versions of libxml2 and/or PHP. Zend\Json\Json::fromXml() and Zend\XmlRpc's Response and Fault classes were potentially vulnerable to these attacks. If you use either of these components, we recommend upgrading immediately.

Please see


Zend Framework 2 requires PHP 5.3.3 or later; we recommend using the latest PHP version whenever possible.


Please see


If you wish to contribute to Zend Framework, please read both the and file.


Online documentation can be found at Questions that are not addressed in the manual should be directed to the appropriate mailing list:

If you find code in this release behaving in an unexpected manner or contrary to its documented behavior, please create an issue in our GitHub issue tracker:

If you would like to be notified of new releases, you can subscribe to the fw-announce mailing list by sending a blank message to

Reporting Potential Security Issues

If you have encountered a potential security vulnerability in Zend Framework, please report it to us at We will work with you to verify the vulnerability and patch it.

When reporting issues, please provide the following information:

  • Component(s) affected
  • A description indicating how to reproduce the issue
  • A summary of the security vulnerability and impact

We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.

For sensitive email communications, please use our PGP key.


The files in this archive are released under the Zend Framework license. You can find a copy of this license in LICENSE.txt.


The Zend Framework team would like to thank all the contributors to the Zend Framework project, our corporate sponsor, and you, the Zend Framework user. Please visit us sometime soon at

Jump to Line
Something went wrong with that request. Please try again.