Archive for February, 2009

Zend Framework 1.7.5

Zend Framework 1.7.5 has been released and there’s a security update in it.

The security announcement is:

The Zend Framework team has been notified of a potential Local File Inclusion (LFI) attack vector in Zend_View’s render() method. To address the issue, as of the 1.7.5 release the render() method no longer accepts paths that include parent directory traversal (e.g., “../” and “..\”) in the path argument. This introduces a regression in behavior which can be addressed by turning off the lfiProtectionOn flag. For more information, see:

http://framework.zend.com/manual/en/zend.view.migration.html

If this advisory does not affect your applications, please disregard. We take security very seriously and will continue to notify all users when a security fault is discovered.

Matthew Weier O’Phinney has all the details about it if you are interested.

Download it now!

Posted by Rob on 19th February 2009 under The Book
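The path rule described in the announcement above, as an added stand-alone PHP sketch (not Zend Framework source and not code from this post): it refuses "../" and "..\" in a script path and shows what is left when the flag is turned off. The function names, the `$lfiProtectionOn` parameter, the extra realpath containment check and the sample files are assumptions made for the example.

```php
<?php
// Added illustration: stand-alone code, not Zend Framework source.
// Function names and the sample files are constructed for this example.

// The rule from the announcement: a path containing "../" or "..\" is refused.
function hasParentTraversal(string $path): bool
{
    return preg_match('#\.\.[\\\\/]#', $path) === 1;
}

// $lfiProtectionOn is a plain parameter here, named after the flag in the advisory.
function resolveViewScript(string $baseDir, string $name, bool $lfiProtectionOn = true): string
{
    if ($lfiProtectionOn && hasParentTraversal($name)) {
        throw new InvalidArgumentException('parent directory traversal in script path');
    }
    $base = realpath($baseDir);
    if ($base === false) {
        throw new InvalidArgumentException('view script directory does not exist');
    }
    // Extra containment check (an assumption of this example, not part of the
    // advisory): the resolved file must still sit below the script directory.
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('script is not inside the view script directory');
    }
    return $full;
}

// Constructed sample layout: <tmp>/scripts/index.phtml and <tmp>/outside.txt
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'view-demo-' . getmypid();
@mkdir($root . DIRECTORY_SEPARATOR . 'scripts', 0700, true);
file_put_contents($root . '/scripts/index.phtml', '<h1>ok</h1>');
file_put_contents($root . '/outside.txt', 'not a view script');

$cases = [
    ['index.phtml', true],
    ['../outside.txt', true],
    ['..\\outside.txt', true],
    ['../outside.txt', false], // flag off: only the containment check is left
];
foreach ($cases as [$name, $flag]) {
    try {
        $result = 'accepted: ' . resolveViewScript($root . '/scripts', $name, $flag);
    } catch (InvalidArgumentException $e) {
        $result = 'rejected: ' . $e->getMessage();
    }
    printf("%-18s flag=%-3s %s\n", $name, $flag ? 'on' : 'off', $result);
}
```

If an application has to turn the flag off to restore the old behaviour, a containment check of this kind on any request-derived script name keeps the resolved file inside the view script directory.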

Zend Framework in Action forums

It occurs to me that we haven’t publicised the Author Online forums recently!

If you need any support on Zend Framework in Action, then you should try posting on the Author Online forums that are hosted by Manning. I’m fairly active in there and try to help out. Also, other readers may be able to help you or have already discussed your issue.

Posted by Rob on 9th February 2009 under The Book