Zend Framework 2 v2.4.8 Release Notes
Release Date: 2015-09-15 // over 8 years ago-
- zend-validator/25: validate against DateTimeImmutable instead of DateTimeInterface
- zend-validator/35: treat 0.0 as non-empty, restoring pre-2.4 behavior
- ๐ zend-inputfilter/26: deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment
- zend-inputfilter/22: ensure fallback values work as per pre-2.4 behavior
- โก๏ธ zend-inputfilter/31: update the InputFilterInterface::add() docblock to match implementations
- zend-inputfilter/25: Fix how missing optoinal fields are validated to match pre 2.4.0 behavior
- ๐ zend-form/12: deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26
- โ๏ธ zend-form/9: fix typos in aria attribute names of AbstractHelper
- ๐ zend-mail/26: fixes the ContentType header to properly handle encoded parameter values
- ๐ zend-mail/11: fixes the Sender header to allow mailbox addresses without TLDs
- ๐ zend-mail/24: fixes parsing of messages that contain an initial blank line before headers
- ๐ zend-http/23: fixes the SetCookie header to allow multiline values (as they are always encoded)
- 0๏ธโฃ zend-mvc/27: fixes DefaultRenderingStrategy errors due to controllers returning non-view model results
โก๏ธ SECURITY UPDATES
- ZF2015-07 : The filesystem storage adapter of
Zend\Cache
was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002).