Cross-Site Scripting in php-ZendFramework2
ID: | FEDORA-2014-6540 |
Distribution: | Fedora |
Platforms: | Fedora 20 |
Date: | Fri, 30 May 2014, 00:36 |
References: | Not specified |
Applications: | Zend Framework |
Original message |
Name        : php-ZendFramework2
Product     : Fedora 20
Version     : 2.2.7
Release     : 1.fc20
URL         : http://framework.zend.com
Summary     : Zend Framework 2
Description :

Zend Framework 2 is an open source framework for developing web applications
and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code
and utilizes most of the new features of PHP 5.3, namely namespaces, late
static binding, lambda functions and closures.

Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework
with over 15 million downloads.

Note: This meta package installs all base Zend Framework component packages
(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,
Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,
InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,
Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,
Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,
Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and
Cache-memcached packages.

--------------------------------------------------------------------------------
Update Information:

## 2.2.7 (2014-04-015)

### SECURITY UPDATES

- **ZF2014-03:** Potential XSS vector in multiple view helpers due to
  inappropriate HTML attribute escaping. Many view helpers were using the
  `escapeHtml()` view helper in order to escape HTML attributes. This release
  patches them to use the `escapeHtmlAttr()` view helper in these situations.
  If you use form or navigation view helpers, or "HTML element" view helpers
  (such as `gravatar()`, `htmlFlash()`, `htmlPage()`, or `htmlQuicktime()`),
  we recommend upgrading immediately.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 18 2014 Shawn Iwinski
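
Added example (not part of the Fedora notice and not Zend Framework code): the sketch below shows why the entity-only escaping that ZF2014-03 describes is insufficient in attribute context. `escape_body()` and `escape_attr()` are simplified stand-ins for the behaviour of `escapeHtml()` and `escapeHtmlAttr()`; the unquoted `class` attribute and the sample value are constructed, and PHP 7 with the dom and iconv extensions is assumed.

```php
<?php
// Added illustration; simplified stand-ins, not Zend Framework code.

// Entity-only escaping for HTML body text: encodes & < > " ' and nothing else.
function escape_body(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Attribute escaping: every character outside [A-Za-z0-9,.-_] becomes a
// hexadecimal character reference, so no character can end the value.
function escape_attr(string $value): string
{
    $out = preg_replace_callback('/[^a-z0-9,.\-_]/iu', function (array $m): string {
        $cp = unpack('N', iconv('UTF-8', 'UTF-32BE', $m[0]))[1];
        return sprintf('&#x%02X;', $cp);
    }, $value);
    if ($out === null) {
        throw new InvalidArgumentException('value is not valid UTF-8');
    }
    return $out;
}

// Parse the markup and return the attribute names the <input> ends up with.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // silence HTML parser warnings
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed sample value: it contains none of & < > " ' at all.
$value = 'big data-extra=1';

foreach (['escape_body', 'escape_attr'] as $escaper) {
    // Unquoted attribute (assumed template): whitespace ends the value.
    $html = '<input class=' . $escaper($value) . '>';
    printf("%-12s %-42s attributes: %s\n", $escaper, $html,
        implode(', ', attribute_names($html)));
}
```

With entity-only escaping the parsed element carries a second attribute taken from the value; with attribute escaping it carries only `class`.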