ZF2015-04: Zend\Mail and Zend\Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend\Mail or Zend\Http (which includes users of Zend\Mvc), we recommend upgrading immediately.
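The difference between validating and filtering a header value, as described above, shown as an added PHP example that is not part of the advisory or of the Zend Framework code. The function names are hypothetical, the sample values are constructed, and the allowed byte set (HTAB, SP, visible ASCII, obs-text) is an assumption taken from the HTTP field-value grammar in RFC 7230 rather than from Zend's own rules.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not the Zend\Http or Zend\Mail API.

/** True when every byte is permitted in an HTTP field value (assumed set: HTAB, SP, 0x21-0x7E, 0x80-0xFF). */
function headerValueIsValid(string $value): bool
{
    // \A and \z anchor to the real start and end of the string; a plain "$"
    // would also match just before a trailing "\n" and let it through.
    return preg_match('/\A[\x09\x20-\x7E\x80-\xFF]*\z/', $value) === 1;
}

/** Validation: reject the value outright, as the updated components do by raising an exception. */
function assertValidHeaderValue(string $value): string
{
    if (!headerValueIsValid($value)) {
        throw new InvalidArgumentException('Header value contains characters not permitted by the specification');
    }
    return $value;
}

/** Filtering: drop the disallowed bytes (CR, LF, NUL, other controls) and keep the rest. */
function filterHeaderValue(string $value): string
{
    return (string) preg_replace('/[^\x09\x20-\x7E\x80-\xFF]/', '', $value);
}

// Constructed sample values: one clean, one with an embedded CRLF, one with a trailing LF.
$samples = [
    'plain'    => 'text/html; charset=utf-8',
    'crlf'     => "/home\r\nX-Injected: constructed",
    'trailing' => "en-US\n",
];

foreach ($samples as $label => $value) {
    try {
        assertValidHeaderValue($value);
        $result = 'accepted';
    } catch (InvalidArgumentException $e) {
        // Filtering keeps the value on a single header line, but the injected text stays in it.
        $result = 'rejected; filtered form: ' . json_encode(filterHeaderValue($value));
    }
    printf("%-9s %s\n", $label, $result);
}
```

Rejecting is the stricter choice: the filtered form of the second sample can no longer start a new header line, yet it still carries the attacker-supplied text inside the original value.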
How to install
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
This update has been submitted for testing by remi.
Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/68256/steps/runtask/logs/stdio (results are informative only)
Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/68256/steps/runtask/logs/stdio (results are informative only)
This update is currently being pushed to the Fedora 22 testing updates repository.
This update has been pushed to testing
This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by remi.
Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/69977/steps/runtask/logs/stdio (results are informative only)
This update is currently being pushed to the Fedora 22 stable updates repository.
This update has been pushed to stable