Security: Two problems in php-zendframework-zend-diactoros
Name: Two problems in php-zendframework-zend-diactoros
ID: FEDORA-2018-dbb0d41078
Distribution: Fedora
Platforms: Fedora 27
Date: Tue, 14 August 2018, 23:45
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14774
Applications: php-zendframework-zend-diactoros

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-dbb0d41078
2018-08-14 20:15:54.627619
--------------------------------------------------------------------------------

Name : php-zendframework-zend-diactoros
Product : Fedora 27
Version : 1.8.4
Release : 1.fc27
URL : https://zendframework.github.io/zend-diactoros/
Summary : PSR HTTP Message implementations
Description :
A PHP package containing implementations of the accepted PSR-7 HTTP message
interfaces [1], as well as a "server" implementation similar to node's
http.Server [2].

Documentation: https://zendframework.github.io/zend-diactoros/

Autoloader: /usr/share/php/Zend/Diactoros/autoload.php

[1] http://www.php-fig.org/psr/psr-7/
[2] http://nodejs.org/api/http.html

--------------------------------------------------------------------------------
Update Information:

## 1.8.4 - 2018-08-01

### Added

- Nothing.

### Changed

- This release modifies how `ServerRequestFactory` marshals the request URI. In prior releases, we would attempt to inspect the `X-Rewrite-Url` and `X-Original-Url` headers, using their values, if present. These headers are issued by the ISAPI_Rewrite module for IIS (developed by HeliconTech). However, we have no way of guaranteeing that the module is what issued the headers, making it an unreliable source for discovering the URI. As such, we have removed this feature in this release of Diactoros. If you are developing a middleware application, you can mimic the functionality via middleware as follows:

  ```php
  use Psr\Http\Message\ResponseInterface;
  use Psr\Http\Message\ServerRequestInterface;
  use Psr\Http\Server\RequestHandlerInterface;
  use Zend\Diactoros\Uri;

  public function process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
  {
      $requestUri = null;

      // PSR-7 getHeaderLine() returns an empty string (never null) when the
      // header is absent, so presence must be tested against ''.
      $httpXRewriteUrl = $request->getHeaderLine('X-Rewrite-Url');
      if ($httpXRewriteUrl !== '') {
          $requestUri = $httpXRewriteUrl;
      }

      // X-Original-Url takes precedence over X-Rewrite-Url when both are set.
      $httpXOriginalUrl = $request->getHeaderLine('X-Original-Url');
      if ($httpXOriginalUrl !== '') {
          $requestUri = $httpXOriginalUrl;
      }

      if ($requestUri !== null) {
          $request = $request->withUri(new Uri($requestUri));
      }

      return $handler->handle($request);
  }
  ```

  If you use middleware such as the above, make sure you also instruct your web server to strip any incoming headers of the same name so that you can guarantee they are issued by the ISAPI_Rewrite module.

### Deprecated

- Nothing.

### Removed

- Nothing.

### Fixed

- Nothing.

## 1.8.3 - 2018-07-24

### Added

- Nothing.

### Changed

- Nothing.

### Deprecated

- Nothing.

### Removed

- Nothing.

### Fixed

- [#321](https://github.com/zendframework/zend-diactoros/pull/321) updates the logic in `Uri::withPort()` to ensure that it checks that the value provided is either an integer or a string integer, as only those values may be cast to integer without data loss.
- [#320](https://github.com/zendframework/zend-diactoros/pull/320) adds checking within `Response` to ensure that the provided reason phrase is a string; an `InvalidArgumentException` is now raised if it is not. This change ensures the class adheres strictly to the PSR-7 specification.
- [#319](https://github.com/zendframework/zend-diactoros/pull/319) provides a fix to `Zend\Diactoros\Response` that ensures that the status code returned is _always_ an integer (and never a string containing an integer), thus ensuring it strictly adheres to the PSR-7 specification.

## 1.8.2 - 2018-07-19

### Added

- Nothing.

### Changed

- Nothing.

### Deprecated

- Nothing.

### Removed

- Nothing.

### Fixed

- [#318](https://github.com/zendframework/zend-diactoros/pull/318) fixes the logic for discovering whether an HTTPS scheme is in play to be case insensitive when comparing header and SAPI values, ensuring no false negative lookups occur.
- [#314](https://github.com/zendframework/zend-diactoros/pull/314) modifies error handling around opening a file resource within `Zend\Diactoros\Stream::setStream()` to no longer use the second argument to `set_error_handler()`, and instead check the error type in the handler itself; this fixes an issue when the handler is nested inside another error handler, which currently has buggy behavior within the PHP engine.

## 1.8.1 - 2018-07-09

### Added

- Nothing.

### Changed

- [#313](https://github.com/zendframework/zend-diactoros/pull/313) changes the reason phrase associated with the status code 425 to "Too Early", corresponding to a new definition of the code as specified by the IANA.

### Deprecated

- Nothing.

### Removed

- Nothing.

### Fixed

- [#312](https://github.com/zendframework/zend-diactoros/pull/312) fixes how the `normalizeUploadedFiles()` utility function handles nested trees of uploaded files, ensuring it detects them properly.

## 1.8.0 - 2018-06-27

### Added

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) adds the following functions under the `Zend\Diactoros` namespace, each of which may be used to derive artifacts from SAPI superglobals for the purposes of generating a `ServerRequest` instance:
  - `normalizeServer(array $server, callable $apacheRequestHeaderCallback = null) : array` (main purpose is to aggregate the `Authorization` header in the SAPI params when under Apache)
  - `marshalProtocolVersionFromSapi(array $server) : string`
  - `marshalMethodFromSapi(array $server) : string`
  - `marshalUriFromSapi(array $server, array $headers) : Uri`
  - `marshalHeadersFromSapi(array $server) : array`
  - `parseCookieHeader(string $header) : array`
  - `createUploadedFile(array $spec) : UploadedFile` (creates the instance from a normal `$_FILES` entry)
  - `normalizeUploadedFiles(array $files) : UploadedFileInterface[]` (traverses a potentially nested array of uploaded file instances and/or `$_FILES` entries, including those aggregated under mod_php, php-fpm, and php-cgi in order to create a flat array of `UploadedFileInterface` instances to use in a request)

### Changed

- Nothing.

### Deprecated

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::normalizeServer()`; the method is no longer used internally, and users should instead use `Zend\Diactoros\normalizeServer()`, to which it proxies.
- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::marshalHeaders()`; the method is no longer used internally, and users should instead use `Zend\Diactoros\marshalHeadersFromSapi()`, to which it proxies.
- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::marshalUriFromServer()`; the method is no longer used internally. Users should use `marshalUriFromSapi()` instead.
- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::marshalRequestUri()`; the method is no longer used internally, and currently proxies to `marshalUriFromSapi()`, pulling the discovered path from the `Uri` instance returned by that function. Users should use `marshalUriFromSapi()` instead.
- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::marshalHostAndPortFromHeaders()`; the method is no longer used internally, and currently proxies to `marshalUriFromSapi()`, pulling the discovered host and port from the `Uri` instance returned by that function. Users should use `marshalUriFromSapi()` instead.
- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::getHeader()`; the method is no longer used internally. Users should copy and paste the functionality into their own applications if needed, or rely on headers from a fully-populated `Uri` instance instead.
- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::stripQueryString()`; the method is no longer used internally, and users can mimic the functionality via the expression `$path = explode('?', $path, 2)[0];`.
- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::normalizeFiles()`; the functionality is no longer used internally, and users can use `normalizeUploadedFiles()` as a replacement.
- [#303](https://github.com/zendframework/zend-diactoros/pull/303) deprecates `Zend\Diactoros\Response\EmitterInterface` and its various implementations. These are now provided via the [zendframework/zend-httphandlerrunner](https://docs.zendframework.com/zend-httphandlerrunner) package as 1:1 substitutions.
- [#303](https://github.com/zendframework/zend-diactoros/pull/303) deprecates the `Zend\Diactoros\Server` class. Users are directed to the `RequestHandlerRunner` class from the [zendframework/zend-httphandlerrunner](https://docs.zendframework.com/zend-httphandlerrunner) package as an alternative.

### Removed

- Nothing.

### Fixed

- Nothing.
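The 1.8.4 entry above explains why the rewrite headers were dropped: any client can send `X-Rewrite-Url` or `X-Original-Url`, and the library cannot tell those from the ones ISAPI_Rewrite sets. The script below is an added example, not Diactoros code. It reconstructs only the header handling the changelog describes, first with the pre-1.8.4 trust in those headers and then without it, and runs both against one constructed request. The `$server` array, the host name and the paths are made up for the demonstration; the function name is this example's own.

```php
<?php
declare(strict_types=1);

// Added example, not Diactoros code. With $trustRewriteHeaders = true the
// X-Rewrite-Url / X-Original-Url headers override REQUEST_URI, as the
// changelog says releases before 1.8.4 did; with false they are ignored,
// as in 1.8.4. PHP exposes a request header "X-Original-Url" to the SAPI
// as $_SERVER['HTTP_X_ORIGINAL_URL'], which is the key used here.
function marshalPathFromSapi(array $server, bool $trustRewriteHeaders): string
{
    $requestUri = $server['REQUEST_URI'] ?? null;

    if ($trustRewriteHeaders) {
        // Any HTTP client can send these headers. Unless the web server
        // strips them before PHP runs, the "rewritten" path is attacker
        // controlled. Later keys win, matching the order in the changelog's
        // middleware (X-Original-Url overrides X-Rewrite-Url).
        foreach (['HTTP_X_REWRITE_URL', 'HTTP_X_ORIGINAL_URL'] as $key) {
            if (isset($server[$key]) && $server[$key] !== '') {
                $requestUri = $server[$key];
            }
        }
    }

    if ($requestUri === null || $requestUri === '') {
        return '/';
    }

    // Strip any scheme://host prefix so only path and query remain.
    return preg_replace('#^[^/:]+://[^/]+#', '', $requestUri);
}

// Constructed SAPI view of one request. The client, not ISAPI_Rewrite, added
// X-Original-Url in an attempt to have the application route it elsewhere.
$server = [
    'REQUEST_URI'         => '/public/index.php?page=home',
    'HTTP_HOST'           => 'app.example.test',
    'HTTP_X_ORIGINAL_URL' => '/admin/users?export=1',
];

$legacy   = marshalPathFromSapi($server, true);
$hardened = marshalPathFromSapi($server, false);

printf("pre-1.8.4 (trusts header): %s\n", $legacy);
printf("1.8.4 (ignores header):    %s\n", $hardened);

// Self-check so the script fails loudly if the demonstration stops holding.
if ($legacy !== '/admin/users?export=1'
    || $hardened !== '/public/index.php?page=home') {
    fwrite(STDERR, "unexpected result\n");
    exit(1);
}
```

Run it with `php demo.php`. The second line is what 1.8.4 produces: the client's header no longer influences which path the application routes. If you reinstate the old behaviour through middleware like the one in the changelog, the first line is what your application will see for any request whose `X-Rewrite-Url` / `X-Original-Url` headers were not removed at the web server, so strip them there for everything that did not pass through ISAPI_Rewrite.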
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 2 2018 Shawn Iwinski <shawn.iwinski@gmail.com> - 1.8.4-1
- Update to 1.8.4 (RHBZ #1504401 / ZF2018-01 / CVE-2018-14773 / CVE-2018-14774)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 30 2018 Remi Collet <remi@remirepo.net> - 1.7.2-1
- update to 1.7.2
* Fri Mar 30 2018 Remi Collet <remi@remirepo.net> - 1.7.1-1
- update to 1.7.1
- use range dependencies on F27+
* Fri Feb 9 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 5 2018 Remi Collet <remi@remirepo.net> - 1.7.0-1
- Update to 1.7.0
* Tue Dec 5 2017 Remi Collet <remi@remirepo.net> - 1.6.1-2
- switch to classmap autoloader for consistency
- provide php-autoloader(zendframework/zend-diactoros)
* Thu Nov 2 2017 Remi Collet <remi@remirepo.net> - 1.6.1-1
- Update to 1.6.1
- use phpunit6 on F26+
* Sun Oct 8 2017 Shawn Iwinski <shawn.iwinski@gmail.com> - 1.6.0-1
- Updated to 1.6.0 (RHBZ #1491486)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1504401 - php-zendframework-zend-diactoros-1.8.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1504401
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-dbb0d41078' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Q5NN4YKQFE3WLFLIS7AJTOJ6E5FNTRH/