This repository has been archived by the owner on May 16, 2018. It is now read-only.

1.12.20 readiness
weierophinney committed Sep 8, 2016
2 parents 73cb94e + 880d6d0 commit 737ef15
Showing 2 changed files with 13 additions and 3 deletions.
14 changes: 12 additions & 2 deletions README.md
Expand Up @@ -18,12 +18,22 @@ Master: [![Build Status](https://api.travis-ci.org/zendframework/zf1.png?branch=
RELEASE INFORMATION
===================

Zend Framework 1.12.20-dev Release.
Released on MMM DD, YYYY.
Zend Framework 1.12.20 Release.
Released on September 08, 2016.

IMPORTANT FIXES FOR 1.12.20
---------------------------

**This release contains security updates:**

- **ZF2016-03:** The implementation of `ORDER BY` and `GROUP BY` in
`Zend_Db_Select` remained prone to SQL injection when a combination of SQL
expressions and comments were used. This release provides a comprehensive
solution that identifies and removes comments prior to checking validity of
the statement to ensure no SQLi vectors occur. We advise always filtering user
input prior to invoking these methods, however, to further protect your
applications.

See http://framework.zend.com/changelog for full details.

NEW FEATURES
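
Review bot: In the ZF2016-03 entry, "these methods" in the closing sentence has no named antecedent: the text describes the implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` but never names the methods whose input callers are told to filter. Name them explicitly, and point to the advisory for ZF2016-03 rather than only the general changelog URL so readers can confirm which versions are affected. Minor wording: "a combination of SQL expressions and comments were used" should read "was used".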
2 changes: 1 addition & 1 deletion library/Zend/Version.php
Expand Up @@ -32,7 +32,7 @@ final class Zend_Version
/**
* Zend Framework version identification - see compareVersion()
*/
const VERSION = '1.12.20dev';
const VERSION = '1.12.20';

/**
* The latest stable version Zend Framework available
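
Review bot: The `VERSION` constant changed here is maintained by hand separately from the release line in README.md, and the outgoing values already differed in format ('1.12.20dev' in this file against '1.12.20-dev' in the README). Consider a release-time check that compares the two strings, so a security release cannot ship with the README announcing a fixed version while `Zend_Version::VERSION` still reports a dev build, or the reverse.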