Edit File by line
/home/barbar84/www/wp-conte.../plugins/sujqvwi/ShExBy/shex_roo.../var/softacul.../zend
File: changelog.txt
# CHANGELOG
[0] Fix | Delete
[1] Fix | Delete
## 2.4.13 (2017-07-13)
[2] Fix | Delete
[3] Fix | Delete
- Restores php 5.3 compat in HeaderValue.
[4] Fix | Delete
[5] Fix | Delete
## 2.4.12 (2017-06-19)
[6] Fix | Delete
[7] Fix | Delete
- Fix signature issue with AbstractContainer::offsetGet
[8] Fix | Delete
[9] Fix | Delete
## 2.4.11 (2016-12-19)
[10] Fix | Delete
[11] Fix | Delete
- Fixes ZF2016-04 vulnerability
[12] Fix | Delete
[13] Fix | Delete
## 2.4.10 (2016-05-09)
[14] Fix | Delete
[15] Fix | Delete
- Fix HeaderValue throwing an exception on legal characters
[16] Fix | Delete
[17] Fix | Delete
## 2.4.9 (2015-11-23)
[18] Fix | Delete
[19] Fix | Delete
### SECURITY UPDATES
[20] Fix | Delete
[21] Fix | Delete
- **ZF2015-09**: `Zend\Captcha\Word` generates a "word" for a CAPTCHA challenge
[22] Fix | Delete
by selecting a sequence of random letters from a character set. Prior to this
[23] Fix | Delete
vulnerability announcement, the selection was performed using PHP's internal
[24] Fix | Delete
`array_rand()` function. This function does not generate sufficient entropy
[25] Fix | Delete
due to its usage of `rand()` instead of more cryptographically secure methods
[26] Fix | Delete
such as `openssl_pseudo_random_bytes()`. This could potentially lead to
[27] Fix | Delete
information disclosure should an attacker be able to brute force the random
[28] Fix | Delete
number generation. This release contains a patch that replaces the
[29] Fix | Delete
`array_rand()` calls to use `Zend\Math\Rand::getInteger()`, which provides
[30] Fix | Delete
better RNG.
[31] Fix | Delete
- **ZF2015-10**: `Zend\Crypt\PublicKey\Rsa\PublicKey` has a call to `openssl_public_encrypt()`
[32] Fix | Delete
which used PHP's default `$padding` argument, which specifies
[33] Fix | Delete
`OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding
[34] Fix | Delete
has a known vulnerability, the
[35] Fix | Delete
[Bleichenbacher's chosen-ciphertext attack](http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5),
[36] Fix | Delete
which can be used to recover an RSA private key. This release contains a patch
[37] Fix | Delete
that changes the padding argument to use `OPENSSL_PKCS1_OAEP_PADDING`.
[38] Fix | Delete
[39] Fix | Delete
Users upgrading to this version may have issues decrypting previously stored
[40] Fix | Delete
values, due to the change in padding. If this occurs, you can pass the
[41] Fix | Delete
constant `OPENSSL_PKCS1_PADDING` to a new `$padding` argument in
[42] Fix | Delete
`Zend\Crypt\PublicKey\Rsa::encrypt()` and `decrypt()` (though typically this
[43] Fix | Delete
should only apply to the latter):
[44] Fix | Delete
[45] Fix | Delete
```php
[46] Fix | Delete
$decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
[47] Fix | Delete
```
[48] Fix | Delete
[49] Fix | Delete
where `$rsa` is an instance of `Zend\Crypt\PublicKey\Rsa`.
[50] Fix | Delete
[51] Fix | Delete
(The `$key` and `$mode` argument defaults are `null` and
[52] Fix | Delete
`Zend\Crypt\PublicKey\Rsa::MODE_AUTO`, if you were not using them previously.)
[53] Fix | Delete
[54] Fix | Delete
We recommend re-encrypting any such values using the new defaults.
[55] Fix | Delete
[56] Fix | Delete
## 2.4.8 (2015-09-15)
[57] Fix | Delete
[58] Fix | Delete
- [zend-validator/25: validate against DateTimeImmutable instead of DateTimeInterface](https://github.com/zendframework/zend-validator/pull/25)
[59] Fix | Delete
- [zend-validator/35: treat 0.0 as non-empty, restoring pre-2.4 behavior](https://github.com/zendframework/zend-validator/pull/35)
[60] Fix | Delete
- [zend-inputfilter/26: deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment](https://github.com/zendframework/zend-inputfilter/pull/26)
[61] Fix | Delete
- [zend-inputfilter/22: ensure fallback values work as per pre-2.4 behavior](https://github.com/zendframework/zend-inputfilter/pull/22)
[62] Fix | Delete
- [zend-inputfilter/31: update the InputFilterInterface::add() docblock to match implementations](https://github.com/zendframework/zend-inputfilter/pull/31)
[63] Fix | Delete
- [zend-inputfilter/25: Fix how missing optoinal fields are validated to match pre 2.4.0 behavior](https://github.com/zendframework/zend-inputfilter/pull/26)
[64] Fix | Delete
- [zend-form/12: deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26](https://github.com/zendframework/zend-form/pull/12)
[65] Fix | Delete
- [zend-form/9: fix typos in aria attribute names of AbstractHelper](https://github.com/zendframework/zend-form/pull/9)
[66] Fix | Delete
- [zend-mail/26: fixes the ContentType header to properly handle encoded parameter values](https://github.com/zendframework/zend-mail/pull/26)
[67] Fix | Delete
- [zend-mail/11: fixes the Sender header to allow mailbox addresses without TLDs](https://github.com/zendframework/zend-mail/pull/11)
[68] Fix | Delete
- [zend-mail/24: fixes parsing of messages that contain an initial blank line before headers](https://github.com/zendframework/zend-mail/pull/24)
[69] Fix | Delete
- [zend-http/23: fixes the SetCookie header to allow multiline values (as they are always encoded)](https://github.com/zendframework/zend-http/pull/23)
[70] Fix | Delete
- [zend-mvc/27: fixes DefaultRenderingStrategy errors due to controllers returning non-view model results](https://github.com/zendframework/zend-mvc/pull/27)
[71] Fix | Delete
[72] Fix | Delete
### SECURITY UPDATES
[73] Fix | Delete
[74] Fix | Delete
- **ZF2015-07**: The filesystem storage adapter of `Zend\Cache` was creating
[75] Fix | Delete
directories with a liberal umask that could lead to local arbitrary code
[76] Fix | Delete
execution and/or local privilege escalation. This release contains a patch
[77] Fix | Delete
that ensures the directories are created using permissions of 0775 and files
[78] Fix | Delete
using 0664 (essentially umask 0002).
[79] Fix | Delete
[80] Fix | Delete
## 2.4.7 (2015-08-11)
[81] Fix | Delete
[82] Fix | Delete
- [15: validateInputs must allow ArrayAccess for $data](https://github.com/zendframework/zend-inputfilter/pull/15)
[83] Fix | Delete
[84] Fix | Delete
## 2.4.6 (2015-08-03)
[85] Fix | Delete
[86] Fix | Delete
- Take fallback value into account
[87] Fix | Delete
[88] Fix | Delete
[89] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function