CVE ID : | CVE-2015-3154 | | The Zend Framework team thanks the following for identifying the issues and working with us to help protect its users:- Filippo Tessarotto, who reported the issue on
Zend\Mail ; and - Enrico Zimuel, who provided the initial patch, as well as ongoing review; and
- Maks3w, who reported the
Zend\Http issue, and who reviewed the patch and proposed improvements; and - Matthew Weier O’Phinney, who reviewed, tested, and finalized the patch.
|
Solution : If you are using Zend\Mail or Zend\Http from Zend Framework 2 (either standalone, or within components like Zend\Mvc ), or if you are using the Zend_Mail or Zend_Http components from Zend Framework 1, we recommend upgrading immediately. The patch fixing the issues has been applied in the following versions: - Zend Framework 1.12.12
- Zend Framework 2.3.8
- Zend Framework 2.4.1
|