
SECURITY ADVISORY

by wllm



The Zend Framework team has been notified of a potential Local File Inclusion (LFI) attack vector in Zend_View's render() method. To address the issue, as of the 1.7.5 release the render() method no longer accepts paths that include parent directory traversal (e.g., "../" and "..\") in the path argument. This introduces a regression in behavior which can be addressed by turning off the lfiProtectionOn flag. For more information, see:

http://framework.zend.com/manual/en/zend.view.migration.html

If this advisory does not affect your applications, please disregard. We take security very seriously and will continue to notify all users when a security fault is discovered.

Thank you.

Wil

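The render() vector the advisory describes, as an added worked example: this is illustrative code written for this page, not Zend Framework's Zend_View implementation and not part of the original post. The TinyView class, its addScriptPath()/setLfiProtection() methods, the containedIn() helper and the temporary fixture files are all assumed; the traversal pattern is modelled on the behaviour described above (rejecting "../" and "..\") rather than copied from the framework. It needs PHP 8 for str_starts_with().

```php
<?php
// Added example (not Zend Framework code): a stripped-down view renderer with the
// shape the advisory describes. render() takes a script name, looks it up in the
// script path and include()s it; a name containing "../" or "..\" walks out of
// the script directory, so anything the web server can read gets included.

class TinyView
{
    /** @var string[] directories searched for view scripts (assumed API, not ZF's) */
    private array $scriptPaths = [];

    /** Counterpart of the advisory's lfiProtectionOn flag; on by default as in 1.7.5+. */
    private bool $lfiProtectionOn = true;

    public function addScriptPath(string $dir): void
    {
        $this->scriptPaths[] = rtrim($dir, '/\\');
    }

    public function setLfiProtection(bool $on): void
    {
        $this->lfiProtectionOn = $on;
    }

    private function resolveScript(string $name): string
    {
        // Reject "../" and "..\" anywhere in the name. The regex is ours, written to
        // match the behaviour the advisory describes, not copied from the framework.
        if ($this->lfiProtectionOn && preg_match('#\.\.[\\\\/]#', $name)) {
            throw new RuntimeException(
                'Requested scripts may not include parent directory traversal ("../", "..\\" notation)'
            );
        }
        foreach ($this->scriptPaths as $dir) {
            $file = $dir . DIRECTORY_SEPARATOR . $name;
            if (is_readable($file)) {
                return $file;
            }
        }
        throw new RuntimeException("View script '$name' not found in script path");
    }

    public function render(string $name): string
    {
        $file = $this->resolveScript($name);
        ob_start();
        include $file;                     // the include is where the LFI lands
        return ob_get_clean();
    }
}

// Defence in depth beyond the pattern check (assumed helper): resolve the real path
// and require it to sit inside the script directory, whatever the traversal spelling.
function containedIn(string $file, string $dir): bool
{
    $realFile = realpath($file);
    $realDir  = realpath($dir);
    return $realFile !== false && $realDir !== false
        && str_starts_with($realFile, $realDir . DIRECTORY_SEPARATOR);
}

// --- constructed fixture: a views directory beside a file that must never be rendered ---
$base = sys_get_temp_dir() . '/tinyview_' . bin2hex(random_bytes(4));
mkdir("$base/views", 0700, true);
file_put_contents("$base/views/hello.phtml", "<p>Hello from the view script</p>\n");
file_put_contents("$base/secret.txt", "db_password=constructed-secret\n");

$view = new TinyView();
$view->addScriptPath("$base/views");

echo $view->render('hello.phtml');                      // legitimate request

// Pre-1.7.5 behaviour (flag off): an attacker-supplied name escapes the script path.
$view->setLfiProtection(false);
echo $view->render('../secret.txt');                    // secret.txt contents are emitted

// 1.7.5 default (flag on): the same request is refused before include() runs.
$view->setLfiProtection(true);
try {
    $view->render('../secret.txt');
} catch (RuntimeException $e) {
    echo "refused: ", $e->getMessage(), "\n";
}

// The containment check reaches the same verdict without matching on "..":
var_dump(containedIn("$base/views/hello.phtml", "$base/views"));   // bool(true)
var_dump(containedIn("$base/views/../secret.txt", "$base/views")); // bool(false)

// tidy up the fixture
unlink("$base/views/hello.phtml");
unlink("$base/secret.txt");
rmdir("$base/views");
rmdir($base);
```

Run it with `php lfi_demo.php`. With the flag off, the second render() prints the contents of secret.txt, which is the exposure the advisory closes; with it on, the request is refused before the include. Turning lfiProtectionOn off to recover the pre-1.7.5 behaviour, as the advisory allows, restores that exposure for any render() name an attacker can influence, so applications that need it should pair it with a containment check like containedIn() or stop passing user-derived names to render() at all.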