Zend Framework 1.12.20 Released!

2016-09-08 | By: Matthew Weier O'Phinney

The Zend Framework community is pleased to announce the immediate availability of Zend Framework 1.12.20! Packages and installation instructions are available at:

Changelog

This release includes a single security patch, reported as ZF2016-03, for SQL injection vulnerabilities in the Zend_Db_Select::order() and Zend_Db_Select::group() methods. If you use these, we recommend updating immedaitely.

To see the complete set of issues resolved for 1.12.20, please visit the changelog:

End of Life

As announced previously, Zend Framework 1 will reach its end of life on 28 September 2016, and only receive security fixes between now and that date. Past that point, we will offer custom bug and security fixes for Zend Framework 1 on-demand only to Enterprise users of Zend Server.

Thank You!

Many thanks to Enrico Zimuel for his efforts in developing the security patch for this release!

SHARE: