Zend Framework 1.11.6 and 1.10.9 Released

May 6, 2011

The Zend Framework team announces the immediate availability of Zend Framework
1.11.6, our sixth maintenance release in the 1.11 series, and a simultaneous
release of 1.10.9, a security fix release.

1.11.6 includes more than 60 bug fixes and may be downloaded from the
Zend Framework site.

For a full list of resolved issues, you can visit the changelog:

1.10.9 includes one security fix, and may be downloaded from our
Zend Framework release archives.

The security fix included in both 1.11.6 and 1.10.9 is a patch to the Zend_Db
MySQL PDO adapter to pass the requested character set as part of the PDO DSN in
PHP versions 5.3.6 and above. This addresses a potential SQL injection
vulnerability when using non-ASCII-compatible character sets; for more
information, please read
the security advisory
in detail. We’d like to thank Anthony Ferrara for alerting us to the issue and
advising us.
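
The difference between setting the character set after connecting and passing it in the DSN, as an added example (not Zend_Db code; `build_mysql_dsn()`, the config keys and the host name are hypothetical):

```php
<?php
// Added example, not Zend_Db source. build_mysql_dsn() and the config keys
// are hypothetical names chosen for illustration.

function build_mysql_dsn(array $config)
{
    $parts = array(
        'host'   => $config['host'],
        'dbname' => $config['dbname'],
    );
    if (!empty($config['charset'])) {
        // Reject anything that could smuggle extra DSN keys (";", "=") in.
        if (!preg_match('/^[A-Za-z0-9_]+$/', $config['charset'])) {
            throw new InvalidArgumentException('Invalid charset name');
        }
        if (version_compare(PHP_VERSION, '5.3.6', '<')) {
            // Older PDO ignores the DSN charset; fail loudly instead of
            // silently connecting with the driver default.
            throw new RuntimeException('DSN charset requires PHP >= 5.3.6');
        }
        $parts['charset'] = $config['charset'];
    }
    $pairs = array();
    foreach ($parts as $key => $value) {
        $pairs[] = $key . '=' . $value;
    }
    return 'mysql:' . implode(';', $pairs);
}

// Constructed sample configuration.
$config = array('host' => 'db.example.internal', 'dbname' => 'app', 'charset' => 'utf8');

// Weak: the charset is changed only on the server side after connecting, so
// client-side quoting (PDO::quote(), emulated prepares) still assumes the
// driver default character set.
//   $pdo = new PDO('mysql:host=db.example.internal;dbname=app', $user, $pass);
//   $pdo->exec("SET NAMES 'utf8'");

// Corrected: the driver learns the charset at connect time.
$dsn = build_mysql_dsn($config);
echo $dsn, "\n";

// Options to pass as the 4th argument of new PDO($dsn, $user, $pass, $options).
$options = array(
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
);
```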

An additional fix was made in 1.11.6 to Zend_Filter_HtmlEntities. In
circumstances where input utilizes a different character set than that passed to
PHP’s htmlentities() function, the function will return an empty string if it
encounters characters not understood by the specified character set. As an
example:


$filtered = htmlentities($input, null, 'UTF-8');

will result in an empty string if $input contains latin-1 characters not
understood by UTF-8 (as an example, a latin-1 emdash character). This can lead
to conditions where input that was previously valid no longer is (e.g., if it
passed a StringLength filter previously). We are not creating a security advisory for
this as there is no general vulnerability; nevertheless, we patched 1.11.6 to
address the issue (by casting to the filter’s encoding using iconv() if
htmlentities() returns an empty string). We’d like to thank Kevin MacArthur
for alerting us to the issue and assisting us in patching it.
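
The fallback described above, as an added example (not the Zend_Filter_HtmlEntities source; `html_entities_checked()` and its `$inputEncoding` parameter are hypothetical, and the source encoding is assumed to be known to the caller):

```php
<?php
// Added example, not Zend_Filter_HtmlEntities source. The function name and
// the $inputEncoding parameter are hypothetical.

function html_entities_checked($value, $encoding = 'UTF-8', $inputEncoding = 'ISO-8859-1')
{
    $value    = (string) $value;
    $filtered = htmlentities($value, ENT_COMPAT, $encoding);

    if ($value !== '' && $filtered === '') {
        // htmlentities() met bytes that are invalid in $encoding and gave up.
        // Assumption: the caller knows the likely source encoding.
        $converted = iconv($inputEncoding, $encoding, $value);
        if ($converted === false) {
            throw new RuntimeException('Input cannot be converted to ' . $encoding);
        }
        $filtered = htmlentities($converted, ENT_COMPAT, $encoding);
        if ($filtered === '') {
            // Fail closed: never hand an empty string to later validators
            // or to the output layer as if it were the filtered input.
            throw new RuntimeException('Encoding mismatch in htmlentities()');
        }
    }
    return $filtered;
}

// Constructed sample: "café <b>" with e-acute as the single Latin-1 byte 0xE9,
// which is not a valid UTF-8 sequence on its own.
$input = "caf\xE9 <b>";

// Bare call, as in the snippet above.
var_dump(htmlentities($input, ENT_COMPAT, 'UTF-8'));

// Same input through the fallback, then an input that needs no conversion.
var_dump(html_entities_checked($input));
var_dump(html_entities_checked('plain <i>'));
```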

A number of website improvements have been made for this release. First, as
reported with our previous 1.11.5 release, we are now using
DocBlox for rendering our API documentation.
Mike van Riel has been busy incorporating feedback
this past month, and this should be reflected in the API documentation for the
1.11.6 release.

Second, Hector Virgen submitted some CSS and
navigation enhancements for the Zend Framework online manual, and these are now
incorporated into the site.

Finally, I’d like to thank everyone who contributed to this past month’s Bug
Hunt Days. We had tremendous success this month, and actually patched more than
60 issues — and resolved more than 80! Keep up the great work, everyone!

About Matthew Weier O'Phinney

Matthew is an open source software architect, specializing in PHP. He is currently project lead for Zend Framework, a project with which he has been involved since before the first public preview release. He is a Zend Certified Engineer, and a member of the Zend Education Advisory Board, the group responsible for authoring the Zend Certification Exam. He contributes to a number of open source projects, blogs on PHP-related topics, and presents talks and tutorials related to PHP development and the projects to which he contributes. You can read more of his thoughts on his blog, weierophinney.net/matthew/.

9 Responses to “Zend Framework 1.11.6 and 1.10.9 Released”

  1. kelmadics Says:

    Yeah, I actually just saw/noticed that search functionality so that’s awesome! Thanks! Just waiting for the ability to view the source (or maybe I’m just missing it again).
    I’ll look at the issue tracker if there’s an existing ticket already.

  2. weierophinney Says:

    Actually, check the latest versions of the API docs — they now have search functionality. ;-) (This is something now shipped with DocBlox.)

    We likely will not allow commenting on the API docs, as this is a fairly large effort, and the docs change per-release. You can always submit issue reports requesting additions and/or changes to API documentation, however.

  3. kelmadics Says:

    Hey Matthew,

    Would it be nice if you guys can add a search functionality in the new API doc and the ability to view the source code? Also it would be cool if possible to leave comments at each function/method, although I doubt it.

  4. skinroller Says:

    Nice job everybody – I agree it is much appreciated that the focus isn’t lost from 1.x series

  5. ant1j Says:

    Documentation looks way better now !

    Thanks !

  6. hcderaad Says:

    Better docs, great efforts on Zend_Dojo_Form elements, very nice to see that a lot of work is still being put in the 1.x series while 2.0 is the main focus!

  7. chelmertz Says:

    The docs went up a couple of notches directly, nice work! The manual also looks very sharp.

    Cheers!

  8. weierophinney Says:

    Thanks, chidera; I’ve updated the text.

  9. chidera Says:

    You refer, it seems, to 1.10.6 instead of 1.10.9. No biggie, but I thought I’d point it out.

    Thanks to all…keep up the good work…!