forked from zendframework/zf1
Merge tag 'release-1.12.19' of github.com:zendframework/zf1 into MAGETWO-55432 #4
Closed
Zend_Validate_Hostname - Updated TLD list
It solves executing queries with subqueries in SELECT block. "New line" char (which is added in _renderFrom function while imploding joins) causes problem in regexp for "AS" case detection
…e a very rare case with raw subquery with "new line" chars inside
…pdate Zend_Validate_Hostname - updated TLD list to the version 2015102801
Fixed the null byte test for Zend_Db_Adapter_Pdo
…ditional space chars in it.
This patch fixes a potential entropy fixation vector with `Zend_Captcha_Word`. Prior to the fix, when selecting letters for the CAPTCHA, `array_rand()` was used, which does not use sufficient entropy during randomization. The patch backports randomization routines from ZF2 in order to provide a more cryptographically secure RNG.
Fix for ZF2015-09.
This allows us to easily switch between PHP versions down to 5.3 using the `newphp nn` command. You're on your own for installing PHPUnit though, it's easy enough with `composer global require phpunit/phpunit:~4.0` or whatever though.
Update FirePhp for different debug_backtrace on PHP 7
Skip Zend_Soap tests on Travis with PHP 5.4.37 because of segfaults
Update to 1.17
Fix for 655 issue - ZF2015-08 breaks binary data
… for MultiCheckboxes due to a typo
Update Vagrantfile to use Rasmus' php7 box
…orm-Elements docs
…ng documentation
Fixes zendframework#575 - Removes Zend_Gdata_YouTube which is based on Data API v2
Patch for ZF2016-01
- Updated VERSION constant to 1.12.18
- Updated README:
  - set stable version
  - set release date
  - added verbiage around ZF2016-01
1.12.18 readiness
- Updated README: set version, date, and changelog notes.
- Updated `Zend_Version::VERSION` constant.
Patches ZF2016-02, and prepares for 1.12.19 release.
…TWO-55432

MAGETWO-55432: Bypass single query restriction and inject SQL

Zend Framework 1.12.19

Security Updates
----------------

- **ZF2016-02**: The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` contained potential SQL injection vulnerabilities, and have been patched.
Before accepting this PR, we need to test compatibility with Magento 2.0.x and 2.1.x
magento-devops-reposync-svc pushed a commit that referenced this pull request Dec 10, 2021
Hotfix backtrack limit error
MAGETWO-55432: Bypass single query restriction and inject SQL