lp:ubuntu/intrepid-security/zend-framework
- Get this branch:
- bzr branch lp:ubuntu/intrepid-security/zend-framework
Recent revisions
- 9. By Stephan Rügamer
-
* SECURITY UPDATE: (LP: #345682)
Announcement: http://www.nabble.com/SECURITY-ADVISORY-tp22609193p22609193.html
From Zend PHP FW Mailing List:
The Zend Framework team was recently notified of an XSS attack vector in its Zend_Filter_StripTags class.
Zend_Filter_StripTags offers the ability to strip HTML tags from text, but also to selectively choose
which tags and specific attributes of those tags to keep.
The XSS attack vector was due to a bug in matching HTML tag attributes to retain.
If whitespace was introduced surrounding the attribute assignment operator or the value included newline characters,
the attribute would always be included in the final output - even if it was not marked to retain.
A security fix has been created and released with Zend Framework 1.7.7.
Additionally, the fix has been back-ported to the 1.6, 1.5, and 1.0 release branches.
* debian/patches/zf_Zend_Filter_security_fix.patch:
Fixes security issue according to
http://framework.zend.com/svn/framework/standard/branches/release-1.7/library/Zend/Filter/StripTags.php
- 8. By Stephan Rügamer
-
* debian/patches/ubuntu_01_fix_mail.diff:
+ Fixes upstream bugs:
- ZF-3912
- ZF-3641
- ZF-3865
* debian/control:
+ added quilt to b-d
* debian/rules:
+ added quilt targets to patch source
- 7. By Stephan Rügamer
-
New upstream version
a detailed list of bugs which are fixed you can find at
http://framework.zend.com/issues/secure/IssueNavigator.jspa?requestId=10811
- 6. By Stephan Rügamer
-
* New bugfix release
a detailed list of bugs which are fixed you can find at
http://framework.zend.com/issues/secure/IssueNavigator.jspa?pager/start=0
* debian/control:
- bumped debhelper version to >= 6
* debian/compat:
- bumped compat version to 6
- 5. By Stephan Rügamer
-
New bugfix release
You can find the bugs fixed at
http://framework.zend.com/issues/secure/IssueNavigator.jspa?mode=hide&requestId=10711
- 4. By Stephan Rügamer
-
* New upstream release (LP: #204016)
* New Features:
+ New Zend_Form component with support for AJAX-enabled form elements
+ New action and view helpers for automating and facilitating AJAX requests and alternate response formats
+ LDAP, Infocard, and OpenID authentication adapters
+ Support for complex Lucene searches, including fuzzy, date-range, and wildcard queries
+ Support for Lucene 2.1 index file format
+ Partial, Placeholder, Action, and Header view helpers for advanced view
composition and rendering
+ New Zend_Layout component for automating and facilitating site layouts
+ UTF-8 support for PDF documents
* Enhancement and Bugfixes
* Zend_Json has been augmented to convert from XML to JSON format
* New Zend_TimeSync component supporting the Network Time Protocol (NTP)
* Improved performance of Zend_Translate with new caching option
* addRoute(), addRoutes(), addConfig(), removeRoute(), removeDefaultRoutes()
methods of Zend_Controller_Router_Rewrite now support method chaining
* Yahoo web service supports Yahoo! Site Explorer and video searches
* Database adapter for Firebird/Interbase
* Query modifiers for fetch and find methods in Zend_Db_Table
* 'init' hook to modify initialization behaviour in subclasses Zend_Db_Table,
Rowset, and Row
* Support for HTTP CONNECT requests in Zend_Http_Client
* Support for PHP's hash() for read/write control in Zend_Cache
* Zend_Cache_Backend_File may be configured to call ignore_user_abort() to
maintain cache data integrity
* Timezone in Zend_Date may be set by locale
* Zend_Cache can now use custom frontend and backend classes
* debian/control:
- Introduce binary package libzend-framework-php according to Debian's PHP
Policy (http://webapps-common.alioth.debian.org/draft-php/html/index.htm)
- Make zend-framework (old binary package) a transitional one, with
depends on the new binary package
* debian/rules:
- Don't install NEWS.txt as Changelog replacement anymore, it doesn't
exist in the upstream tarball anymore
* debian/Makefile:
- Remove VERSION.txt from install target, this file doesn't exist anymore,
too
- 2. By Stephan Rügamer
-
* Initial release
* Latest Stable version 1.0.3 has bugs, which prevent apps from determining the
correct locale on the system. It's being fixed in latest SVN, but this is
too unstable
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/zend-framework