lp:ubuntu/intrepid-security/zend-framework

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-security/zend-framework

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

9. By Stephan Rügamer

* SECURITY UPDATE: (LP: #345682)
  Announcement: http://www.nabble.com/SECURITY-ADVISORY-tp22609193p22609193.html
  From Zend PHP FW Mailing List:
  The Zend Framework team was recently notified of an XSS attack vector in its Zend_Filter_StripTags class.
  Zend_Filter_StripTags offers the ability to strip HTML tags from text, but also to selectively choose
  which tags and specific attributes of those tags to keep.
  The XSS attack vector was due to a bug in matching HTML tag attributes to retain.
  If whitespace was introduced surrounding the attribute assignment operator or the value included newline characters,
  the attribute would always be included in the final output, even if it was not marked to retain.
  A security fix has been created and released with Zend Framework 1.7.7.
  Additionally, the fix has been back-ported to the 1.6, 1.5, and 1.0 release branches.
* debian/patches/zf_Zend_Filter_security_fix.patch:
  Fixes security issue according to
  http://framework.zend.com/svn/framework/standard/branches/release-1.7/library/Zend/Filter/StripTags.php

8. By Stephan Rügamer

* debian/patches/ubuntu_01_fix_mail.diff:
  + Fixes upstream bugs:
    - ZF-3912
    - ZF-3641
    - ZF-3865
* debian/control:
  + added quilt to b-d
* debian/rules:
  + added quilt targets to patch source

7. By Stephan Rügamer

New upstream version
A detailed list of the bugs fixed can be found at
http://framework.zend.com/issues/secure/IssueNavigator.jspa?requestId=10811

6. By Stephan Rügamer

* New bugfix release
  A detailed list of the bugs fixed can be found at
  http://framework.zend.com/issues/secure/IssueNavigator.jspa?pager/start=0
* debian/control:
  - bumped debhelper version to >= 6
* debian/compat:
  - bumped compat version to 6

5. By Stephan Rügamer

New bugfix release
You can find the bugs fixed at
http://framework.zend.com/issues/secure/IssueNavigator.jspa?mode=hide&requestId=10711

4. By Stephan Rügamer

* New upstream release (LP: #204016)
* New Features:
  + New Zend_Form component with support for AJAX-enabled form elements
  + New action and view helpers for automating and facilitating AJAX requests
    and alternate response formats
  + LDAP, Infocard, and OpenID authentication adapters
  + Support for complex Lucene searches, including fuzzy, date-range, and
    wildcard queries
  + Support for Lucene 2.1 index file format
  + Partial, Placeholder, Action, and Header view helpers for advanced view
    composition and rendering
  + New Zend_Layout component for automating and facilitating site layouts
  + UTF-8 support for PDF documents
* Enhancement and Bugfixes
  * Zend_Json has been augmented to convert from XML to JSON format
  * New Zend_TimeSync component supporting the Network Time Protocol (NTP)
  * Improved performance of Zend_Translate with new caching option
  * addRoute(), addRoutes(), addConfig(), removeRoute(), removeDefaultRoutes()
    methods of Zend_Controller_Router_Rewrite now support method chaining
  * Yahoo web service supports Yahoo! Site Explorer and video searches
  * Database adapter for Firebird/Interbase
  * Query modifiers for fetch and find methods in Zend_Db_Table
  * 'init' hook to modify initialization behaviour in subclasses Zend_Db_Table,
     Rowset, and Row
  * Support for HTTP CONNECT requests in Zend_Http_Client
  * Support for PHP's hash() for read/write control in Zend_Cache
  * Zend_Cache_Backend_File may be configured to call ignore_user_abort() to
    maintain cache data integrity
  * Timezone in Zend_Date may be set by locale
  * Zend_Cache can now use custom frontend and backend classes
* debian/control:
  - Introduce binary package libzend-framework-php according to Debian's PHP
    Policy (http://webapps-common.alioth.debian.org/draft-php/html/index.htm)
  - Make zend-framework (old binary package) a transitional one, with
    depends on the new binary package
* debian/rules:
  - Don't install NEWS.txt as Changelog replacement anymore, it doesn't
    exist in the upstream tarball anymore
* debian/Makefile:
  - Remove VERSION.txt from install target, this file doesn't exist anymore,
    too

3. By Stephan Rügamer

* New upstream version
  - This version is a bugfix release

2. By Stephan Rügamer

* Initial release
* Latest Stable version 1.0.3 has bugs, which prevent apps from determining the
  correct locale on the system. It's being fixed in latest SVN, but this is
  too unstable

1. By Stephan Rügamer

Import upstream version 1.0.2

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/zend-framework