Feb 11, 2015 - release-1.12.11

    491: [Zend_Translate\ Extend PHPDocumentation to cover 'magic' behavior
    502: Added @method PHPDocumentation to allow IDE code-completion
    506: View renderer controller name fix breaks use of custom dispatcher


14 Jan 2015 - release-1.12.10

    1: isLast not working as expected in Zend_Service_Amazon_SimpleDb_Page
    8: Zend_Loader_ClassMapAutoloader is not auto included when using Zend_Loader_AutoloaderFactory::factory
    15: Zend_Db_Table_Abstract::delete does not delete from dependent table
    32: Zend_Soap_Client has no 'exceptions' flag.
    62: Zend_Validate_EmailAddress->_validateMXRecords() fails on Umlaut-Domains
    187: Zend_Rest_Server does not properly handle optional parameters when anonymous (arg1, etc) parameters are passed in
    322: Zend_Validate_Hostname: disallowed Unicode code point
    324: SlideShare API change some tag names.
    345: CallbackHandler throws warning if WeakRef-extension not installed
    377: Zend_Console_Getopt: Missing required parameter consumes next option as its parameter value
    400: PHPUnit contraints: use real class names to help classmap generators
    426: Use relative filenames for _validIdns for direct include in Zend_Validate_Hostname
    434: Corrected type of property _currentRoute
    440: Zend_Controller_Dispatcher_Abstract::_formatName() inconsistent with Action name handling
    441: Loosen regex to allow nested function calls in SQL
    444: Update Zend_Validate_Hostname TLDs list to 2014102301 version
    446: fix typo unkown -> unknown
    448: fix travis ci build for php 5.2
    449: Zend_Date doesn't create correct date when seconds are missing from 8601 format
    452: "fluent", not "fluid"
    453: Zend_Cache_Backend_Memcached looks at "bytes", but Couchbase 1.x returns "mem_used"
    456: Documentation of Zend_Feed_Pubsubhubbub_Model_ModelAbstract
    458: Fixed bug in quoteInto with $count parameter and question sign in $value
    461: CDATA section for category elements in RSS feed
    465: Zend_Currency creates invalid cache ids for values with fractions
    467: debug_backtrace() called twice when only once needed
    468: Zend_Validate_Hostname improvements
    469: [Zend_Validate\ Testcase for #322
    471: End of life for PHPUnit installation using pear
    475: Zend Json Server Exception is missing the method name
    478: Create .gitattributes to mirror archive { } in composer.json
    480: Virtual machine doesn't install initial packages
    483: Update copyright to 2015
    484: Adds content headers on POST request in Zend_Controller_Request_HTTP
    487: Allow overriding cache id and tag validation in Zend_Cache
    488: Zend_Dojo_View_Helper_Dojo_Container setCdnVersion error...
    490: Added more specific return documentation for Zend_Navigation Pages


16 Sep 2014 - release-1.12.9

    372: Zend_Db_Adapter_Sqlsrv is vulnerable to null byte input
    423: Zend_Validate_NotEmpty::isValid() generates notice when validating empty array
    430: zh_HK locale cannot identify Integer

SECURITY UPDATES

    ZF2014-05: Due to an issue that existed in PHP's LDAP extension, it is possible to perform an unauthenticated simple bind against a LDAP server by using a null byte for the password, regardless of whether or not the user normally requires a password. We have provided a patch in order to protect users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all versions of PHP 5.3 and below). If you use Zend\Ldap and are on an affected version of PHP, we recommend upgrading immediately.
    ZF2014-06: A potential SQL injection vector existed when using a SQL Server adapter to manually quote values due to the fact that it was not escaping null bytes. Code was added to ensure null bytes are escaped, and thus mitigate the SQLi vector. We do not recommend manually quoting values, but if you do, and use the SQL Server adapter without PDO, we recommend upgrading immediately.


26 Aug 2014 - release-1.12.8

#418 can introduce potential BC breaks in the presence of complex SQL statements (for instance using SQL sub-functions). To fix this, use Zend_Db_Expr in group(), order(), or from() method calls.

    54: Zend_Loader invalid links, missing docs
    98: Allow editing and flattening of text form fields within PDF documents
    244: Zend_Oauth_Client: Consider multipart/form-data
    270: Missing class Zend_Service_Console_Command
    277: Patch two level cache updates
    289: Zend_Date milliseconds bug
    342: Zend_Locale_Format::getFloat does not handle exponential notation ("1e-2" returns -100 instead of 0.01)
    348: Fixed bug - do not allow invalid hostname with double dots i.e. zend..com
    354: CLDR v25 released
    363: Zend_Locale_Data::disableCache(true) is always reset
    364: Fix convertPhpToIsoFormat
    365: Fix for array to string conversion error in Zend_Validate_Abstract
    368: Zend_Validate_Hostname: invalidates long TLDs above 10 characters (latest IANA TLDs)
    375: Fixes #374 - Implement Zend_Pdf::getJavascript() and Zend_Pdf::setJavascript()
    378: ZF-1.12.7 breaks code when using multi column ordering
    382: Proper cleaning of File cache files in cleaning mode ALL
    385: Serialized DateTime includes fractions of seconds since 5.6.0beta4
    390: Zend_Locale_Format::_getEncoding() is missing a return statement
    394: Validate_Hostname: Punycode decoding fails if encoded string has not hyphen
    399: Argument 4 to hash_hmac() must be of type ?bool, int given
    402: [Http\ Multiple fixes related to the curl adapter
    410: fix for issue 393 - always reset libxml_disable_entity_loader
    414: Fix for 270 Missing class Zend_Service_Console_Command
    418: Improved regex for SQL group, order, from


12 Jun 2014 - release-1.12.7

15 Apr 2014 - release-1.12.6

7 Mar 2014 - release-1.12.5

6 Mar 2014 - release-1.12.4

27 Mar 2013 - release-1.12.3

27 Mar 2013 - release-1.12.2

13 Feb 2013 - release-1.12.1

13 Feb 2013 - release-1.12.0
