Zend Framework 2 v2.1.6 Release Notes
Release Date: 2014-03-06 // about 10 years ago-
⚡️ SECURITY UPDATES
- ZF2014-01: Potential XXE/XEE attacks using PHP functions:
simplexml_load_*
,DOMDocument::loadXML
, andxml_parse
. A new component,ZendXml
, was introduced to mitigate XML eXternal Entity and XML Entity Expansion vectors that are present in older versions of libxml2 and/or PHP.Zend\Json\Json::fromXml()
andZend\XmlRpc
'sResponse
andFault
classes were potentially vulnerable to these attacks. If you use either of these components, we recommend upgrading immediately.
- ZF2014-01: Potential XXE/XEE attacks using PHP functions: