With the release of Zend Framework 3, it's time to halt development on Zend Framework 1. As such, we hereby announce that Zend Framework 1 reaches its End of Life (EOL) three months from today, on 28 September 2016.

Between now and then, we will only provide security fixes, if any security reports are made in that time frame. Past that point, we will offer custom bug and security fixes for Zend Framework 1 on-demand only to Enterprise users of Zend Server.

Additionally, as of today, access to our legacy subversion server is disabled. If you were using svn:externals to incorporate Zend Framework into your application, please download the relevant package as listed in our Zend Framework packages archives instead, or update your application to use Composer.

If you need assistance migrating your Zend Framework 1 application to Zend Framework 2/3 or Expressive, Zend offers architecture migration services.

If you are in need of Zend Framework 2/3 training, Zend offers both a Zend Framework 2 Fundamentals course and a Zend Framework 2 Advanced Concepts course.

Source

This is an installment in an ongoing series of posts on ZF3 development status. Since the last status update:

  • ~130 pull requests merged, and ~100 issues closed.
  • Over 30 component releases.
  • Completion of the component documentation migration.
  • Tagging of zend-mvc 3.0.
  • Completion of the new skeleton application and related installers.

Documentation

Since the last update, we managed to complete the migration of documentation to components, as well as publish documentation for all components!

You can view a list of all documented components via GitHub Pages:

Each component contains a link in the topnav to scroll in the component list, allowing you to navigate to other components.

Please help us thank Frank Brückner for the enormous amount of assistance he provided driving this milestone to completion!

zend-mvc 3.0 stability

After copious testing with the skeleton application (more on that below), and prepping components such as zend-test to work with it, we decided that zend-mvc was ready to tag with a 3.0 stable version!

For those not following previous updates, the main goals of the zend-mvc v3 effort were:

  • De-couple from other components. Many components were listed as development requirements and suggestions due to the fact that zend-mvc contained zend-servicemanager integrations for them. We have moved those integrations into the components themselves.
  • Reduce dependencies to exactly what's needed for a basic zend-mvc application:
    • EventManager
    • HTTP
    • ModuleManager
    • Router
    • ServiceManager
    • Standard Library
    • View
  • Split optional integrations into their own packages. These included:
    • Console integration (now provided via zend-mvc-console)
    • i18n integration (now provided via zend-mvc-i18n)
    • Several plugins had requirements on additional libraries, including:
      • PRG (uses zend-session)
      • FilePRG (uses zend-form and zend-session)
      • FlashMessenger (uses zend-session)
      • Identity (uses zend-authentication)

During the process, we were able to remove around 75% of the code, making the component much smaller, more maintainable, and more focused.

Once zend-mvc was tagged 3.0, we quickly followed up with a zend-test 3.0 release, and stable releases of zend-mvc-console, zend-mvc-i18n, and the various zend-mvc-plugin packages.

Skeleton application

We'd begun refactoring the skeleton application previously, and were able to complete the work in the past couple weeks. The new skeleton:

  • Migrates to PSR-4 directory layout for the shipped Application module.
  • Relies on Composer for all autoloading, including the Application module.
  • Removes all translations. These were of dubious use, and were quite difficult to maintain.
  • Depends only on zend-mvc, zend-component-installer (which automates injecting components and modules into application configuration during installation), and zend-skeleton-installer (more on this below).
  • We removed almost 8000 lines of code, adding only 800!

zend-skeleton-installer is a new Composer plugin that, during installation:

  • Prompts the user to decide whether they want a minimal install or want to add optional packages.
  • Prompts for a number of common optional packages, including caching, logging, console integration, i18n, etc.
  • Removes itself from the project when installation is complete!

Matthew plans to blog on the code behind zend-skeleton-installer in the near future.

You can test out the new skeleton using the following:

$ composer create-project "zendframework/skeleton-application:dev-develop" zend-project

The above will use the new develop branch, and create a project in the directory zend-project.

Finally, we added both an updated Vagrantfile and Docker support to the skeleton, allowing you to start developing in a consistent, de-coupled environment immediately.

For Vagrant, after you've installed, execute:

$ vagrant up

For Docker, you will need to use docker-compose; once you have that available, execute:

$ docker-compose up -d --build

With each, we bind your host port 8080 to the container's port 80, allowing you to visit it at http://localhost:8080/

We're excited about the new skeleton, and look forward to getting your feedback on it!

Final milestones

We have a few last milestones before we're ready to announce the completion of the Zend Framework 3 initiatives.

First, because PHP 5.5 support ends at the end of June, we will be releasing a new minor version of all components setting the minimum supported PHP version to 5.6. (Many already have such versions in place.)

Second, now that the skeleton application is ready, we will be migrating our tutorials to a new repository, converting them to Markdown and MkDocs, and updating them to follow the new skeleton and component changes.

Finally, we will be deciding what the zendframework/zendframework package will look like for a version 3 tag. In large part, it becomes unnecessary, as we can ship even the skeleton with a minimal set of components; however, for those who want "everything at once", keeping it around as a metapackage may have value. We'll be announcing the plans for it soon.

Until next time

If you want to help:

  • Test the new skeleton (see the directions above) and provide feedback.
  • Search for help wanted or EasyFix issues (most of the latter are documentation).

Many thanks to all the contributors who have provided feedback, patches, reviews, or releases since the last update!

Source


As announced last week, today, we have renamed the "zf2" repository on GitHub to "zendframework".

Per the GitHub documentation on renames, existing links will be automatically redirected, and will persist as long as we do not create a new repository with the name "zf2". Redirects occur for:

  • issues
  • wikis
  • stars
  • followers
  • git operations

Update your remotes

While git operations pushing and pulling from the original repository URLs will continue to work, GitHub recommends you update your git remotes to point to the new location. You can do this with the following in the CLI:

$ git remote set-url origin https://github.com/zendframework/zendframework.git

Note the following:

  • Replace origin with the name of the remote you use locally; upstream is also commonly used. Run git remote -v to see what you're actually using.
  • Valid remote URLs now include:

Composer

Because Packagist points to GitHub, it will seamlessly redirect. Additionally, the sha1s for all commits remain identical. As such, the change should have no impact on end users with existing installs.

We have updated Packagist to point to the new URL as well, so that as users update, their composer.lock files will start pointing to the new URL.
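To see which remotes and lock-file entries still depend on the GitHub redirect, the following added example (not part of the original post) scans a parsed composer.lock and `git remote -v` output for the old repository name and produces the new URLs. The sample lock data, sample remotes, placeholder references and all function names are constructed for illustration.

```python
import json
import re

NEW_REPO = "zendframework/zendframework"

# The old repository in the URL forms git and Composer record:
#   https://github.com/zendframework/zf2.git
#   git@github.com:zendframework/zf2.git      (SSH)
#   git://github.com/zendframework/zf2.git    (git protocol)
#   https://api.github.com/repos/zendframework/zf2/zipball/<sha>  (dist)
# The suffix group keeps look-alike names such as "zf2-something" from matching.
_OLD_URL = re.compile(
    r"(?P<prefix>(?:https://|git://|ssh://git@|git@)"
    r"(?:api\.)?github\.com[:/](?:repos/)?)"
    r"zendframework/zf2(?P<suffix>\.git|/.*)?$",
    re.IGNORECASE,
)


def rewrite_url(url):
    """Return url pointing at the renamed repository, or None if url does
    not reference the old repository at all."""
    m = _OLD_URL.match(url.strip())
    if not m:
        return None
    return m.group("prefix") + NEW_REPO + (m.group("suffix") or "")


def stale_lock_entries(lock):
    """List (package, version, field, old_url, new_url) for each source or
    dist URL in a parsed composer.lock that still names the old repository."""
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            for field in ("source", "dist"):
                url = (pkg.get(field) or {}).get("url", "")
                new = rewrite_url(url)
                if new:
                    findings.append((pkg["name"], pkg["version"], field, url, new))
    return findings


def remote_fixes(remote_v_output):
    """Turn `git remote -v` output into the `git remote set-url` commands
    needed, one per remote that still points at the old repository."""
    fixes = {}
    for line in remote_v_output.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        name, url = parts[0], parts[1]
        new = rewrite_url(url)
        if new:
            fixes[name] = "git remote set-url {} {}".format(name, new)
    return [fixes[name] for name in sorted(fixes)]


# Constructed sample data: versions and references are placeholders.
SAMPLE_LOCK_JSON = """
{
  "packages": [
    {"name": "zendframework/zendframework", "version": "2.4.9",
     "source": {"type": "git",
                "url": "https://github.com/zendframework/zf2.git",
                "reference": "<sha1-placeholder>"},
     "dist": {"type": "zip",
              "url": "https://api.github.com/repos/zendframework/zf2/zipball/<sha1-placeholder>",
              "reference": "<sha1-placeholder>"}},
    {"name": "zendframework/zend-math", "version": "2.7.0",
     "source": {"type": "git",
                "url": "https://github.com/zendframework/zend-math.git",
                "reference": "<sha1-placeholder>"}}
  ],
  "packages-dev": []
}
"""
SAMPLE_LOCK = json.loads(SAMPLE_LOCK_JSON)

# A fork as origin (left alone) and the renamed project as upstream.
SAMPLE_REMOTES = (
    "origin\tgit@github.com:example-user/zf2.git (fetch)\n"
    "origin\tgit@github.com:example-user/zf2.git (push)\n"
    "upstream\thttps://github.com/zendframework/zf2.git (fetch)\n"
    "upstream\thttps://github.com/zendframework/zf2.git (push)\n"
)

if __name__ == "__main__":
    for name, version, field, old, new in stale_lock_entries(SAMPLE_LOCK):
        print("{} {} [{}]: {} -> {}".format(name, version, field, old, new))
    for command in remote_fixes(SAMPLE_REMOTES):
        print(command)
```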

Source


In contrast to Zend Framework 2, which was a complete rewrite and break with the architecture of Zend Framework 1, the Zend Framework 3 initiative is more of an evolutionary change. We are laser-focused on keeping as much backwards compatibility as possible, and providing reasonable migration steps for our users. Instead of moving development to a new repository, we have split code into multiple component repositories, and made the main Zend Framework repository a "meta" repository, containing dependency information only.

Another way of putting it: changes to the main repository are happening incrementally, and version 3 will just be a new major version update within the existing repository.

However, such evolutionary change poses a slight logistical problem: the repository is currently named "zf2".

As such, we've decided to rename the repository to remove the version identifier. It will become simply "zendframework".

This naming is already reflected in our Composer package, which is named "zendframework/zendframework". Additionally, GitHub will provide long-lived redirects for all links to the repository, including those to issues, comments, pull requests, etc.; those redirects also work at the git level for each of HTTPS, SSH, and git protocol access. Because no sha1s change, this means that Composer installs will not suffer any issues, either.

We've also verified with GitHub that references of the form zendframework/zf2#... within commits, comments, etc. will continue to work, and redirect to the new location.

With all our concerns satisfied, we'll be making the change on 3 May 2016, and will post to the blog with details on how to update your git remotes to point to the renamed repository at that time.

Source


This is an installment in an ongoing series of posts on ZF3 development status. In the last three weeks, we've done a lot:

  • ~160 pull requests merged, and ~110 issues closed.
  • Over 60 component releases.
  • Completion of the zend-mvc version 3 refactors.
  • All components are now forwards-compatible with existing v3 releases, including those that depend on zend-stdlib.
  • Progress on the documentation initiatives, including 11 new components documented.
  • Announcement of issue closures.

MVC Refactor

In the previous update, we provided a roadmap for the zend-mvc v3 refactor; at the time, we'd just begun the initiative, but still had the bulk of the work remaining.

As of last week, however, we have completed all tasks related to the refactor! These include:

  • a component installer Composer plugin, which will automatically inject installed components into application configuration as modules. (It is also forwards-compatible with upcoming Expressive releases!)
  • console functionality as a separate component (zend-mvc-console).
  • separation of controller plugins with additional dependencies into their own packages, including:
  • separation of i18n integration into a separate component (zend-mvc-i18n).
  • separation of the code for wiring zend-di into zend-servicemanager into a dedicated component (zend-servicemanager-di).
  • removal of all factories and integrations with components that fall outside the core dependencies.

This latter required that we move the various factories, service integrations, and event listener wiring code into the components themselves. This affected eight components, though we ended up addressing another five components that were already defining factories for zend-servicemanager as well:

  • zend-filter
  • zend-form
  • zend-hydrator
  • zend-inputfilter
  • zend-log
  • zend-navigation
  • zend-serializer
  • zend-validator
  • zend-cache
  • zend-db
  • zend-mail
  • zend-paginator
  • zend-session

For each of these, we created two new classes in their defined namespaces, ConfigProvider and Module. The first is an invokable class returning configuration, which might include service configuration, plugin configuration, etc. Module is a class specific to the Zend Framework ecosystem, and returns configuration, but, in several cases, also wired other code into the zend-mvc workflow. All of the above components received new minor releases once these were in place, and zend-mvc was updated to remove dependencies on them.

The core dependencies in zend-mvc are now:

  • zend-eventmanager
  • zend-http
  • zend-modulemanager
  • zend-router
  • zend-servicemanager
  • zend-stdlib
  • zend-view

Once we were done, the lines of code had dropped to approximately 25% of the size in the version 2 releases!

Skeleton application

With the zend-mvc refactor complete, we decided to work on the skeleton application.

Feedback we've had includes:

  • While having i18n support is interesting in terms of seeing how it's done, it's mostly worthless in the skeleton application. The provided translations are only valid for the home page shipped with the skeleton, which is replaced essentially 100% of the time with custom content. Additionally, it poses maintenance overhead with regards to reviewing and accepting new translations. Finally, with the split of zend-mvc-i18n, keeping it in meant adding additional dependencies which might never be used.
  • Related, we've had a lot of folks indicate that they'd like an option for a minimal skeleton. Many developers don't want the i18n, console, forms, cache, logging, and other facilities, or want to pick and choose which ones they configure.
  • As PSR-0 is deprecated, our skeleton should reflect PSR-4 for the default Application module.
  • Related, we want to encourage using composer for all autoloading.

To get the ball rolling, I created a pull request proposing a streamlined skeleton. This has already generated a fair bit of discussion, and we have a number of new ideas we're going to investigate, including setting up Expressive-like installation questions to allow bringing in common features during the first install.

JSON Refactor

We also did some refactoring of the zend-json component. Several users have complained that it includes too much: the JSON-RPC functionality is not generally useful for those who only want JSON de/serialization, and the XML2JSON implementation is only needed by a subset of users.

As such, we split it into three:

  • zend-json contains the JSON de/serialization logic only, starting with its v3 release.
  • zend-json-server contains the JSON-RPC server implementation.
  • zend-xml2json contains the XML2JSON implementation.

We'd like to thank Ali Bahman for his assistance with these changes!

Forwards compatibility

This week, we discovered half-a-dozen components that declare a dependency on zend-stdlib, but which had not been updated to allow usage with zend-stdlib's v3 releases. As such, we quickly updated each to do so, releasing new maintenance releases when ready. These include:

  • zend-code
  • zend-expressive-skeleton
  • zend-ldap
  • zend-mime
  • zend-soap
  • zend-xmlrpc

Documentation

With the MVC initiatives complete, we have begun working on the documentation in earnest again.

The first thing we did was recognize that while it's nice to be publishing the documentation, we really need mechanisms for navigating to other components. As such, we created a topnav button that, when clicked, fetches a list of components with documentation, and slides the list in from the top of the page.

We've also been either documenting components as we create them (see the MVC plugins and JSON changes, above), or publishing documentation as we create new releases on components we update. Since the last update, we've published documentation for the following components:

Many thanks to Frank Brückner for the copious documentation updates he's provided!

There's plenty left to do, however (32 components left at the time of writing). We've created a list of components and tasks to perform if you are interested in helping!

Issue closures

Last week, Gary Hockin posted to the ZF blog about a plan to perform housekeeping of issues posted against the main zendframework repository. The basic summary is: issues against the main ZF repository have been tagged as "To Be Closed", and will be closed in early May unless you comment on an issue and tag user @GeeH before 3rd May 2016.

Pull request and issue activity

Since the last update, we've merged around 160 pull requests, and resolved around 110 issues. (links require a GitHub account).

Notable releases

As noted at the beginning of this post, we've done over 60 component releases since the last update (approximately four weeks ago). Notable amongst them:

  • Zend Framework 1.12.18
  • zend-json 3.0.0, which removes the JSON-RPC and XML2JSON functionality (as those are now in separate components)
  • zend-inputfilter 2.6.1, which fixes a long-standing issue with localization of NotEmpty validation messages generated for required inputs.
  • zend-math 2.7.0 provides a security hardening patch for Zend\Math\Rand, forcing usage of PHP 7's random_bytes() and random_int() when available, and requiring ircmaxell/RandomLib for earlier PHP versions.
  • zend-session 2.7.0 updates the component to use ext/mongodb + the MongoDB PHP client library instead of ext/mongo, and adds session identifier validation by default.
  • zend-db 2.7.1 updates the Pgsql adapter to accept the charset option; fixes Zend\Db\Sql\Insert to properly manage arrays of column names when generating SQL INSERT statements; fixes an issue with how row counts were reported in Oci8 result sets; and updates the IbmDb2 adapter to allow # characters in identifiers.
  • zend-cache 2.7.0 offers a ton of new features, including a new APCu adapter, upgraded support for XCache and Redis, and numerous bugfixes.
  • zend-stdlib 2.7.7 and zend-stdlib 3.0.1 fix declaration of Zend\Json\Json::GLOB_BRACE when on systems based on non-gcc versions of glob.

Until next time

If you want to help:

Many thanks to all the contributors who have provided feedback, patches, reviews, or releases since the last update!

Source


The Zend Framework community is pleased to announce the immediate availability of:

  • Zend Framework 1.12.18

You can download Zend Framework at:

Security Fixes

Zend Framework 1.12.18 includes a fix for security advisory ZF2016-01, a potential insufficient entropy vulnerability in a number of methods exposed in Zend Framework 1, including:

  • Zend_Ldap_Attribute::createPassword
  • Zend_Form_Element_Hash::_generateHash
  • Zend_Gdata_HttpClient::filterHttpRequest
  • Zend_Filter_Encrypt_Mcrypt::_srand
  • Zend_OpenId::randomBytes

Moreover, the fix mitigates a flaw in openssl_random_pseudo_bytes(), ensuring sufficient entropy will be used for any random number generated.
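To judge exposure to ZF2016-01 in an existing application, the following added example (not part of the original announcement) reads the bundled framework version and lists source lines that reference the classes named above. It assumes the Zend Framework 1 copy declares its version as a `VERSION` constant in `Zend/Version.php`; the sample sources and function names are constructed, and matching on class names is a heuristic for finding code that reaches the listed methods.

```python
import re

FIXED_VERSION = (1, 12, 18)  # release carrying the ZF2016-01 fix

# Classes whose methods the advisory lists.
AFFECTED_CLASSES = (
    "Zend_Ldap_Attribute",
    "Zend_Form_Element_Hash",
    "Zend_Gdata_HttpClient",
    "Zend_Filter_Encrypt_Mcrypt",
    "Zend_OpenId",
)

_VERSION_RE = re.compile(
    r"const\s+VERSION\s*=\s*['\"](\d+)\.(\d+)\.(\d+)([^'\"]*)['\"]"
)
# "_" is a word character, so \b keeps Zend_OpenId from matching
# related classes such as Zend_OpenId_Consumer.
_CLASS_RE = re.compile(r"\b(" + "|".join(AFFECTED_CLASSES) + r")\b")


def has_fix(version_php):
    """True if the bundled version is 1.12.18 or later, False if it is
    older or a pre-release of 1.12.18, None if no version is found."""
    m = _VERSION_RE.search(version_php)
    if not m:
        return None
    numbers = tuple(int(x) for x in m.group(1, 2, 3))
    suffix = m.group(4)
    if numbers == FIXED_VERSION and suffix:
        return False  # e.g. "1.12.18dev": treat as not yet fixed
    return numbers >= FIXED_VERSION


def references(sources):
    """sources maps path -> PHP text. Returns sorted (path, line, class)
    tuples for non-comment lines that name an affected class."""
    hits = []
    for path, text in sources.items():
        for number, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith(("//", "#", "*", "/*")):
                continue
            for m in _CLASS_RE.finditer(line):
                hits.append((path, number, m.group(1)))
    return sorted(hits)


def exposure(version_php, sources):
    """Combine both checks: exposed means affected classes are referenced
    and the bundled framework is not confirmed to carry the fix."""
    fixed = has_fix(version_php)
    hits = references(sources)
    return {
        "fixed": fixed,
        "references": hits,
        "exposed": fixed is not True and bool(hits),
    }


# Constructed sample input.
SAMPLE_VERSION_PHP = """<?php
final class Zend_Version
{
    const VERSION = '1.12.17';
}
"""

SAMPLE_SOURCES = {
    "application/forms/Login.php": """<?php
class Form_Login extends Zend_Form
{
    public function init()
    {
        // CSRF token element
        $this->addElement(new Zend_Form_Element_Hash('csrf'));
    }
}
""",
    "application/models/Directory.php": """<?php
$hash = Zend_Ldap_Attribute::createPassword($plain);
$consumer = new Zend_OpenId_Consumer();
""",
}

if __name__ == "__main__":
    report = exposure(SAMPLE_VERSION_PHP, SAMPLE_SOURCES)
    print("fix present:", report["fixed"])
    for path, number, name in report["references"]:
        print("{}:{}: {}".format(path, number, name))
    print("exposed:", report["exposed"])
```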

Other changes

In addition to the security patch, the release includes fourteen other patches, primarily around documentation. You can view a full list at:

Many thanks to our contributors, and particularly the maintainers who coordinated this version: Frank Brückner, Rob Allen, and Enrico Zimuel.

Source