Zend Framework 2 v2.1.6 Release Notes
Release Date: 2014-03-06 // about 10 years ago-
⚡️ SECURITY UPDATES
- ZF2014-01: Potential XXE/XEE attacks using PHP functions:
simplexml_load_*,DOMDocument::loadXML, andxml_parse. A new component,ZendXml, was introduced to mitigate XML eXternal Entity and XML Entity Expansion vectors that are present in older versions of libxml2 and/or PHP.Zend\Json\Json::fromXml()andZend\XmlRpc'sResponseandFaultclasses were potentially vulnerable to these attacks. If you use either of these components, we recommend upgrading immediately.
- ZF2014-01: Potential XXE/XEE attacks using PHP functions: