The Zend Framework community is pleased to announce the immediate availability of Zend Framework 1.12.20! Packages and installation instructions are available at:
This release includes a single security patch, reported as
ZF2016-03, for SQL injection vulnerabilities in
Zend_Db_Select::group() methods. If you use
these, we recommend updating immedaitely.
To see the complete set of issues resolved for 1.12.20, please visit the changelog:
End of Life
As announced previously, Zend Framework 1 will reach its end of life on 28 September 2016, and only receive security fixes between now and that date. Past that point, we will offer custom bug and security fixes for Zend Framework 1 on-demand only to Enterprise users of Zend Server.
Many thanks to Enrico Zimuel for his efforts in developing the security patch for this release!