Zend Framework 2 v2.5.2 Release Notes
Release Date: 2015-08-03 // over 8 years ago-
⚡️ SECURITY UPDATES
- ZF2015-06:
ZendXml
runs a heuristic detection for XML Entity Expansion and XML eXternal Entity vectors when under php-fpm, due to issues with threading in libxml preventing using that library's built-in mechanisms for disabling them. However, the heuristic was determined to be faulty when multibyte encodings are used for the XML. This release contains a patch to ensure that the heuristic will work with multibyte encodings.
If you use Zend Framework components that utilize
DOMDocument
orSimpleXML
(which includesZend\XmlRpc
,Zend\Soap
,Zend\Feed
, and several others), and deploy using php-fpm in production (or plan to), we recommend upgrading immediately. - ZF2015-06: