This repository has been archived by the owner on Jan 8, 2020. It is now read-only.
Zend Framework 2.3.3
weierophinney
released this
30 Sep 17:16
·
3472 commits
to master
since this release
- 6576: Custom barcode adapter wasn't being set in options
- 6664: Use is_file to check for an uploaded file
SECURITY UPDATES
- ZF2014-05: Due to an issue that existed in PHP's LDAP extension, it is possible to perform an unauthenticated simple bind against a LDAP server by using a null byte for the password, regardless of whether or not the user normally requires a password. We have provided a patch in order to protect users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all versions of PHP 5.3 and below). If you use
Zend\Ldap
and are on an affected version of PHP, we recommend upgrading immediately. - ZF2014-06: A potential SQL injection vector existed when using a SQL Server adapter to manually quote values due to the fact that it was not escaping null bytes. Code was added to ensure null bytes are escaped, and thus mitigate the SQLi vector. We do not recommend manually quoting values, but if you do, and use the SQL Server adapter without PDO, we recommend upgrading immediately.