Zend Framework 2 v2.2.5 Release Notes
Release Date: 2013-10-31 // over 10 years ago-
- 4604: Zend\Json\Server\Server::addFunction instantiates new class even an object was given as callable
- 4874: Skip AnnotationScanner if class name information can't be found.
- 4918: [suggest\ Ignore methods without parameters from aware interfaces
- 5013: ZF2-2454 HTTP 308 Resume Incomplete missing in Zend\Http\Response
- 5031: Fix input annotation handler in Zend/Form/Annotation/ElementAnnotationsListener
- ⚡️ 5035: updated Zend_Validate_Hostname translation message IDs and translations
- ⚡️ 5037: Slovenian translations updated
- 5040: Correct namespace name DockBlock to DocBlock
- 5044: Reflection ThrowsTag to handle types correctly
- 5050: #4996 broke File filters management
- ✅ 5053: add test case for Zend\Validator\IsInstanceOf to pass Traversable to constructor
- 🔌 5054: is bin/pluginmap_generator.php broken ?
- 5065: [Zend\Http\Client\ dupplicate header keys in prepareHeaders
- 0️⃣ 5066: __invoke parameter should be null by default
- 5068: using injected response object
- 5071: Increase readability, fix indentation
- 🚑 5078: hotfix/4508 and make Zend\Http\Header\SetCookie RFC conform
- 🚚 5083: [Barcode\ removed some unused variables
- 5093: Extract and populate values for nested fieldsets in Collection elements
- 5100: [ServiceManager\ Implemented circular alias reference detection
- ✅ 5111: Fix test suite when ext/intl isn't available
- 5121: Add inline comments
- 5140: Fix not allowed encoding of content-transfer-encoding and content-type headers in single part encoded mails
- 🚚 5146: Adds an alias for ModuleManager and removes the duplicate service defini...
- 5150: Fix Validator\PhoneNumber with E.123/E.164 international numbers.
- 5152: Issue #4669 - Class generator should return uses from file generator
- 5161: Fix calling View\Helper\BasePath from CLI results in fatal error.
- 🔌 5175: fix delegators to allow usage in plugin managers
- 5180: Ensure DiAbstractServiceFactory takes lowest possible priority
- 5183: Fix for CamelCase filter when string contains multiple uppercase letters and Unicode is off
- 5193: Fix returned NamespaceType for Parameters from Reflection
- 5196: Fix JsonRpc service name
- 5212: assertQueryContentContains searching through all nodes found
- 🌐 5216: added missing I18n\Validator\DateTime translations
- 5220: Bug fix for Zend\Form\Element\Collection::extract()
- 5223: Cannot use Zend\Stdlib\ResponseInterface as Response because the name is already in use in Zend\Stdlib\DispatchableInterface
- 5234: added zendframework/zend-session as suggest dependency at Zend\ProgressBar
- 5239: added zendframework/zend-cache as suggest dependency at Zend\Paginator
- 5240: fix Debug::getEscaper() never called at Debug::dump() when xdebug is loaded
- 🚚 5246: move zendframework/zend-escaper from require to suggest dependency at Zend\Debug
- 5250: explode should be made only by colon (:) and not colon+space (: )
- 5252: Improvements Zend\Form\View\Helper\FormElement
- 🌲 5254: Zend\Log\Writer\Db via config throws exception
- 👍 5259: Modified PhpArray config writer to generate better readable array format.
- 🛠 5271: fixes #5270
- ✅ 5274: add regression testing for fieldset input filter
- 💅 5279: Polish translation for Zend\Captcha
- 💅 5280: Polish translation and fixes in Zend\Validate
- 🚑 5286: Hotfix/5118
- 5287: Add Not Like Predicate
- 🛠 5291: [mail\ Fixes, criteria unification and optimization.
- 5293: Fix #5289 (abstract factories return type)
- ⚡️ 5295: Update DateFormat.php to fix deprecated method call: PHP >= 5.5.0.
- 5301: [http\ Adapt header field name validation to RFC definition
- 📜 5302: [http\ Parse headerline
- 5311: [http\ Unify criteria for split name
- 5317: IbmDb2 Commitment Control
- 🚚 5318: [#5013\ Remove custom code response tests
- 👻 5319: Class not found instead of exception in RedisOptions
- 🛠 5325: fixed typo
- 🛠 5333: Zend\ServiceManager - CS fixes for master
- 5336: fix typo
- 🚚 5343: Remove date filtering on date elements
- ✏️ 5350: fixed typos
- 🛠 5351: fixes #5310
- 🛠 5360: fixed typo
- 5368: Avoid SOAP constant error in PHPUnit
- 🏁 5369: Php unit windows
- ✏️ 5370: fixed typos
- 🔒 5374: Potential security vulnerability
- 👻 5378: Exception as one of the possible exception for Soap\Server::registerFaultException
- 🛠 5379: fixes #4604
- 5382: #4954 Mongodb small changes
⚡️ SECURITY UPDATES
An issue with
Zend\Http\PhpEnvironment\RemoteAddress
was reported in #5374. Essentially, the class was not checking if$_SERVER['REMOTE_ADDR']
was one of the trusted proxies 🔧 configured, and as a result,getIpAddressFromProxy()
could return an untrusted IP address.The class was updated to check if
$_SERVER['REMOTE_ADDR']
is in the list of trusted proxies, and, if so, will return that value immediately before consulting the values in theX-Forwarded-For
header.🔧 If you use the
RemoteAddr
Zend\Session
validator, and are configuring ⚡️ trusted proxies, we recommend updating to 2.2.5 or later immediately.Potential Breakage
- 🚚 #5343 removed the DateTimeFormatter filter from DateTime form elements. This was done due to the fact that it led to unexpected behavior when non-date inputs were provided. However, since the DateTime element already incorporates a DateValidator that accepts a date format, validation can still work as expected.