Padraic Brady’s Blog: Zend Framework Security Related Releases Now Available
Padraic Brady wrote an excellent post about his security review of Zend Framework and the resulting security releases of Zend Framework 1.9.7, 1.8.5 and 1.7.9.
As the announcement also indicates, following December’s excitement I spent much of the Christmas and New Year period conducting a security review of the framework. While an ongoing process, the initial review focused on specific areas most likely to deal directly or indirectly with user input and the output of user-sourced data. The results of that initial review were reported over the holidays to the Zend team, who patiently put up with my long-winded emails and managed not to strangle me…so far. I’m keeping myself holed up in the mountains for now.
He shares his security review experience and tells us about the most common types of issues, the affected components and the new official Security Policy of Zend Framework.