Fedora 23: php-ZendFramework2 Security Update
Summary
Zend Framework 2 is an open source framework for developing web applications
and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code
and utilizes most of the new features of PHP 5.3, namely namespaces, late
static binding, lambda functions and closures.
Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework
with over 15 million downloads.
Note: This meta package installs all base Zend Framework component packages
(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,
Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,
InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,
Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,
Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,
Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and
Cache-memcached packages.
Update Information:
**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystem
storage adapter of Zend\Cache was creating directories with a liberal umask that
could lead to local arbitrary code execution and/or local privilege escalation.
This release contains a patch that ensures the directories are created using
permissions of 0775 and files using 0664 (essentially umask 0002). **Bug
fixed** from upstream [Changelog]() *
validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 as
non-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto-
attaching NonEmpty validators in favor of explicit attachment * ensure fallback
values work as per pre-2.4 behavior * update the InputFilterInterface::add()
docblock to match implementations * Fix how missing optoinal fields are
validated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmpty
annotations, per zend-inputfilter#26 * fix typos in aria attribute names of
AbstractHelper * fixes the ContentType header to properly handle encoded
parameter values * fixes the Sender header to allow mailbox addresses without
TLDs * fixes parsing of messages that contain an initial blank line before
headers * fixes the SetCookie header to allow multiline values (as they are
always encoded * fixes DefaultRenderingStrategy errors due to controllersreturning non-view model results
Change Log
References
Fedora Update Notification FEDORA-2015-16033 2015-09-25 07:56:18.561837 Name : php-ZendFramework2 Product : Fedora 23 Version : 2.4.8 Release : 1.fc23 URL : https://framework.zend.com/ Summary : Zend Framework 2 Description : Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework with over 15 million downloads. Note: This meta package installs all base Zend Framework component packages (Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db, Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n, InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager, Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar, Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text, Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and Cache-memcached packages.
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update php-ZendFramework2' at the command line. For more information, refer to "Managing Software with yum", available at .