Zend Framework 1.7.5 and Security Fix
- February 18th, 2009
- Posted in FAI . Picture Galleries . Ubuntu
Just a little information:
Zend released Zend-Framework 1.7.5, which is again a bugfix release. It also fixes a (serious?) security issue regarding Zend_View. You can read all about it on Matthew Weier O’Phinney’s blog.
I’m preparing the package right now, to be uploaded before Jaunty goes into Feature Freeze.
Furthermore, I’ll prepare some backports packages for Ubuntu 8.04.x LTS (aka Hardy) and Ubuntu 8.10 (aka Intrepid), so you, dear PHP/Zend Framework Developer, will have the latest bugfix/security releases available.
That brings me to another point regarding Release/Security Releases of Zend-Framework.
I know that some people of Zend Framework fame are reading this Planet and/or my articles, so I’m preparing an email to Zend-Framework upstream, to have security fixes in patch form for their major/minor releases, so that we as downstream can provide special security uploads to our different release pockets. It would also be very interesting to just get the SVN revision of those important fixes.
So, dear Zend-Framework Upstream Devs, if you read this, just get in touch with me, and let’s work out a good way of providing this. It’s a good way to show that the teamplay between Zend and Ubuntu is the best PHP Developers will get, and that the Ubuntu Platform is the No. 1 choice for PHP Business Developers.

Ubuntu might be the best choice, but Zend sure isn’t. It’s rather slow, very complex due to very, veeeery annoying XML configuration files, and it’s, let’s face it, just bloat.
I’d really like to see Ubuntu support a PHP framework that’s worth it, like Symfony, CodeIgniter or Solar.
You should sign up for the zf-contributors mailing list; that’s a great place for you to keep in contact with the developers. Additionally, shoot me an email (matthew [at] zend), and I’ll point you to the issue in our tracker — I attached a patch there already that you can likely use.
@marcus: Um… ZF is configurationless — no XML configuration files at all. I’m not sure what you’re referring to there, but I think you’re misinformed.