Zend Framework 2.4.11 Released!
The Zend Framework community is pleased to announce the immediate availability
of Zend Framework 2.4.11. You can download it from the Zend Framework site:
This is a Long Term Support release.
This release contains a fix for a potential remote code execution vulnerability
when using the Zend\Mail\Transport\Sendmail transport adapter. Prior to this
release, a maliciously crafted local address portion of a From address could
potentially inject arguments to the system sendmail binary. This release
provides detection of such addresses, and prevents attempts to send them.
For more information, please read the ZF2016-04 advisory.
The patch is provided against:
- Zend Framework 2.4.11
- zend-mail 2.4.11 and 2.7.2
Zend Framework 2.5 and 3.0 users who update via Composer will receive the
zend-mail 2.7.2 version.
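To confirm a deployment actually picked up the fix, the following added example (not part of the original announcement or of Zend Framework) audits a composer.lock for the patched versions listed above. The function names and sample lock file are constructed for illustration. It assumes that zend-mail 2.5.x and 2.6.x releases are unpatched, since 2.7.2 is the only fixed version the announcement names for those users.

```python
import json

# Fixed releases named in the announcement above.
FIXED_LTS = (2, 4, 11)     # Zend Framework 2.4.11 and zend-mail 2.4.11
FIXED_CURRENT = (2, 7, 2)  # zend-mail 2.7.2, delivered to 2.5 and 3.0 users
WATCHED = {"zendframework/zendframework", "zendframework/zend-mail"}

def parse_version(text):
    """'v2.7.1' -> (2, 7, 1); None for branch aliases such as 'dev-master'."""
    parts = text.lstrip("v").split("-")[0].split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def audit_lock(lock_text):
    """Return (name, version, status) for each watched package in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        name, version = pkg.get("name", ""), pkg.get("version", "")
        if name not in WATCHED:
            continue
        parsed = parse_version(version)
        if parsed is None:
            status = "unknown"          # cannot compare a branch alias
        elif parsed < (2, 5, 0):
            status = "patched" if parsed >= FIXED_LTS else "vulnerable"
        elif name == "zendframework/zendframework":
            continue                    # 2.5+ metapackage: zend-mail entry decides
        else:
            # Assumption: 2.5.x and 2.6.x zend-mail releases count as unpatched
            status = "patched" if parsed >= FIXED_CURRENT else "vulnerable"
        findings.append((name, version, status))
    return findings

# Constructed sample lock file, trimmed to the fields the audit reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "zendframework/zendframework", "version": "2.5.3"},
        {"name": "zendframework/zend-mail", "version": "2.7.1"},
    ],
    "packages-dev": [{"name": "phpunit/phpunit", "version": "4.8.0"}],
})

if __name__ == "__main__":
    for name, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {status}")
```

An "unknown" status means the lock file pins a branch alias rather than a tagged release, so the installed commit has to be checked by hand.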
Long Term Support
As a reminder, the 2.4 series is our current Long Term Support release, and will
receive security and critical bug fixes until 31 March 2018.
You can opt-in to the LTS version by pinning your
Composer requirement to the version
Visit our Long Term Support information page for more information.
Source: Zend feed