Apigility 1.3.1 Released!

We’ve just released Apigility 1.3.1, which you can download from the Apigility website:

If you are already using Apigility, you can update your project using Composer:

This release fixes a few minor issues discovered following the 1.3.0 release, and also fixes a security vulnerability.

Security Fix

A security vulnerability was reported against zf-oauth2, with a potential user spoofing vector when using the web application (aka authorization token) scenario. Visit the Zend Framework security advisory for more details:

If you are using zf-oauth2 in your application, and using the authorization code scenario, you can update it specifically:

Bug Fixes

In addition to the security fix, we patched a number of other issues.

  • zfcampus/zf-oauth2#112 fixes a parse error in the receive code template, and updates the cURL examples on that page to use the current request scheme.
  • zfcampus/zf-mvc-auth#94 fixes HTTP authentication to ensure that omitting an Authorization header no longer results in a 401 status, and instead falls back to using the GuestIdentity as it did prior to 1.1.0.
  • zfcampus/zf-apigility-admin#305 and zfcampus/zf-apigility-admin-ui#69 allow DB adapters that do not support metadata features to be used for DB-Connected REST services.
  • #105 updates the Vagrant setup to ensure it includes PHP 5.6, allowing it to work with versions 1.3+.