We’ve tagged, created and pushed packages, and can finally announce that the second release candidate of ZF2, Zend Framework 2.0.0rc2, is now available!
Release candidates are now happening weekly, and will continue until we feel the code is stable; we anticipate that by the end of the month, we should have a stable release.
In the past week, we’ve managed around 70 pull requests, patching primarily bugfixes. Two addressed potential eXternal XML Enity (XXE) injection vulnerabilities in Zend\Feed, Zend\Soap, Zend\Dom, and Zend\Serializer. If you were building on RC1, we highly recommend updating at this time.
Additionally, this marks the first release that incorporates Rob Allen’s excellent ZF2 tutorial; it has now been incorporated into the manual:
Our efforts are now turning primarily to documentation. If you can help us, please do! Enrico has posted a primer on helping with documentation:
as well as a list of documentation tasks:
Please help out!
Below is the full changelog. Take some time to test the release, and to thank all the contributors who have helped get us this far!
UPDATES IN RC2
- REALLY removed Zend\Markup from the repository (we reported it
removed for RC1, and had in fact created the repository for it, but
not removed it from the zf2 repository).
- Addition of Hydrator strategies, to allow easier hydration of
composed objects. The HydratorInterface remains unchanged, but the
shipped hydrators now all implement both that and the new
- Zend\View\Model\ViewModel::setVariables() no longer overwrites the
internal variables container by default. If you wish to do so, it
does provide an optional $overwrite argument; passing a boolean true
will cause the method to overwrite the container.
- Zend\Validator\Iban was expanded to include Single Euro Payments Area
- Zend\Mvc\Controller\ControllerManager now allows fetching controllers
via DI. This is done via a new DiStrict abstract service factory,
which only fetches services in a provided whitelist.
- Zend\Json\Encoder now accepts IteratorAggregates.
- Controller, Filter, and Validator plugin managers were fixed to no
longer share instances.
- Zend\Form was updated to only bind values that were actually provided
in the data. Additionally, if a Collection has no entries, it will be
removed from the validation group. Finally, elements with the name
"0" (zero) are now allowed.
- Zend\View\Helper\Doctype was updated to respond true to isRdfa() when
the doctype is an HTML5 variant.
- Zend\Navigation was fixed to ensure the navigation services is passed
correctly between helpers. Additionally, a bug in Mvc::isActive() was
fixed to ensure routes were properly seeded.
- The GreaterThan and LessThan validators were updated to pass
constructor arguments to the parents, for consistency with other
- Log formatters are now responsible for formatting DateTime values in
the log events.
- The Console ViewManager was updated to extend from the standard HTTP
version, and to use Config instead of Configuration, fixing several
- Zend\Version was moved to Zend\Version\Version (for consistency)
- Zend\Debug was moved to Zend\Debug\Debug (for consistency)
- All protected members that still had underscore prefixes were
refactored to remove that prefix.
- Identified and fixed all CS issues as identified by php-cs-fixer, and
added php-cs-fixer to the Travis-CI build tasks.
- ServiceManagerAwareInterface was removed from all but the most
necessary locations, and replaced with ServiceLocatorAwareInterface.
- Zend\Feed\Reader, Zend\Dom, Zend\Serializer\Wddx, and Zend\Soap were
not properly protecting against XXE injections; these situations have
now been corrected.