From 880d6d0205481f94a3c2df365eb7365a0519ede5 Mon Sep 17 00:00:00 2001 From: Matthew Weier O'Phinney Date: Thu, 8 Sep 2016 09:49:38 -0500 Subject: [PATCH] Preparation for 1.12.20 - Updated README: - Updated version to stable - Set date for release - Added release notes including ZF2016-03 details - Updated VERSION constant --- README.md | 14 ++++++++++++-- library/Zend/Version.php | 2 +- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index cd610b39b7..911b404603 100644 --- a/README.md +++ b/README.md @@ -18,12 +18,22 @@ Master: [![Build Status](https://api.travis-ci.org/zendframework/zf1.png?branch= RELEASE INFORMATION =================== -Zend Framework 1.12.20-dev Release. -Released on MMM DD, YYYY. +Zend Framework 1.12.20 Release. +Released on September 08, 2016. IMPORTANT FIXES FOR 1.12.20 --------------------------- +**This release contains security updates:** + +- **ZF2016-03:** The implementation of `ORDER BY` and `GROUP BY` in + `Zend_Db_Select` remained prone to SQL injection when a combination of SQL + expressions and comments were used. This release provides a comprehensive + solution that identifies and removes comments prior to checking validity of + the statement to ensure no SQLi vectors occur. We advise always filtering user + input prior to invoking these methods, however, to further protect your + applications. + See http://framework.zend.com/changelog for full details. NEW FEATURES diff --git a/library/Zend/Version.php b/library/Zend/Version.php index 94d9e24bf5..0ee81c403f 100644 --- a/library/Zend/Version.php +++ b/library/Zend/Version.php @@ -32,7 +32,7 @@ final class Zend_Version /** * Zend Framework version identification - see compareVersion() */ - const VERSION = '1.12.20dev'; + const VERSION = '1.12.20'; /** * The latest stable version Zend Framework available
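Review bot: In the README.md hunk, the last sentence of the ZF2016-03 entry advises "filtering user input prior to invoking these methods", but the entry only names the `ORDER BY` and `GROUP BY` handling in `Zend_Db_Select`, so "these methods" has no referent. Name the methods explicitly and say what filtering means in this context, for example checking a requested column and sort direction against a fixed list of allowed values, so readers understand the advice still applies after upgrading. The wording "remained prone" also implies an earlier fix; a pointer to that earlier advisory would let readers judge whether a previously patched install is affected.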
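Review bot: In the library/Zend/Version.php hunk, the removed constant spells the pre-release version `1.12.20dev`, while the removed README line spells it `1.12.20-dev`, so the two files disagreed on the suffix format before this change. The docblock points at compareVersion(), so it is worth settling on the one form that comparison is meant to handle and using it in both files when the next development version is opened.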