Zend\Db\Adapter\Platform\Postgresql was incorrectly using \\ to escape double quotes in identifiers and values, which could lead to SQL injection vectors. We have provided patches that use proper escaping. If you use Postgresql with Zend Framework 2, we recommend upgrading immediately.

$_SESSION superglobal before session start, which meant the data was overwritten once the session began. This meant on subsequent calls, the validators had no data to compare against, making the sessions automatically valid. We have provided patches to ensure that validators are run only after the session has begun, which will ensure they validate sessions correctly going forward. If you use Zend\Session validators, we recommend upgrading immediately.

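The PostgreSQL identifier escaping issue described above, as an added PHP example (not Zend Framework's code): it contrasts backslash escaping with quote doubling, which is how PostgreSQL's quoted-identifier syntax represents an embedded double quote, and uses a small reader to show where the identifier ends in each case. The function names and the sample identifier are constructed for illustration.

```php
<?php
// Added illustration; these function names are hypothetical, not Zend\Db's API.

// Flawed approach named in the advisory: a backslash before each double quote.
function quoteIdentifierBackslash(string $identifier): string
{
    return '"' . str_replace('"', '\\"', $identifier) . '"';
}

// PostgreSQL rule: a double quote inside a quoted identifier is written twice.
function quoteIdentifierDoubled(string $identifier): string
{
    return '"' . str_replace('"', '""', $identifier) . '"';
}

// Minimal reader for one quoted identifier at the start of $sql, following
// PostgreSQL's lexical rule: "" is a literal quote, backslash is ordinary text.
// Returns [decoded name, remaining SQL text], or null if none is found.
function readQuotedIdentifier(string $sql): ?array
{
    if ($sql === '' || $sql[0] !== '"') {
        return null;
    }
    $name = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {
        if ($sql[$i] !== '"') {
            $name .= $sql[$i];
        } elseif ($i + 1 < $len && $sql[$i + 1] === '"') {
            $name .= '"';   // doubled quote: stays inside the identifier
            $i++;
        } else {
            return [$name, substr($sql, $i + 1)]; // closing quote reached
        }
    }
    return null; // unterminated identifier
}

$input = 'col"umn'; // constructed sample containing an embedded double quote

foreach (['quoteIdentifierBackslash', 'quoteIdentifierDoubled'] as $fn) {
    $quoted = $fn($input);
    [$name, $rest] = readQuotedIdentifier($quoted);
    printf("%-26s %-12s name=%-9s leftover=%s\n",
        $fn, $quoted, $name, var_export($rest, true));
}
```

With backslash escaping the reader closes the identifier at the embedded quote and reports leftover text outside it; with doubling the whole input stays inside one identifier and nothing is left over.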
This update has been submitted for testing by siwinski.
This update has been pushed to testing.
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.
This update has been submitted for stable by siwinski.
This update has been pushed to stable.