|CVE ID :||CVE-2015-3154|
|The Zend Framework team thanks the following for identifying the issues and working with us to help protect its users:|
- Filippo Tessarotto, who reported the issue on
- Enrico Zimuel, who provided the initial patch, as well as ongoing review; and
- Maks3w, who reported the
Zend\Http issue, and who reviewed the patch and proposed improvements; and
- Matthew Weier O’Phinney, who reviewed, tested, and finalized the patch.
If you are using
Zend\Http from Zend Framework 2 (either standalone, or within components like
Zend\Mvc), or if you are using the
Zend_Http components from Zend Framework 1, we recommend upgrading immediately.
The patch fixing the issues has been applied in the following versions:
- Zend Framework 1.12.12
- Zend Framework 2.3.8
- Zend Framework 2.4.1