The Zend Framework community is pleased to announce the immediate availability
- Zend Framework 1.12.14
- Zend Framework 2.4.6
- Zend Framework 2.5.2
You can download the releases from the Zend Framework site:
These releases contain a critical security fix.
Zend Framework versions 1.12.14, and 2.4.6, and 2.5.2 introduced fixes for
ZF2015-06, a serious vulnerability
ZendXml when used under PHP-FPM to process multibyte XML
documents. The advisory provides full details; if you process XML in your
application and will be deploying or already deploy using PHP-FPM, we recommend
Zend Framework 1.12.14 has two other changes that may impact users:
Zend_Service_DeveloperGardenwas removed, as the service closed its API on 30
Zend_Service_Technoratiwas removed, as the API has been unavailable for an
indeterminate amount of time.
Both Zend Framework 2.4.6 and 2.5.2 also incorporate a change in
fixes done in the 2.4/2.5 series removed support for fallback values when performing validation;
that support has been reinstated with the latest releases.
For the full changelog on each version:
Long Term Support
As a reminder, the 2.4 series is our current Long Term Support release, and will
receive security and critical bug fixes until 31 March 2018.
You can opt-in to the LTS version by pinning your
Composer requirement to the version
Visit our Long Term Support information page for more information.