Zend Framework 1.12.10

• 1: isLast not working as expected in Zend_Service_Amazon_SimpleDb_Page
• 8: Zend_Loader_ClassMapAutoloader is not auto included when using Zend_Loader_AutoloaderFactory::factory
• 15: Zend_Db_Table_Abstract::delete does not delete from dependent table
• 32: Zend_Soap_Client has no 'exceptions' flag.
• 62: Zend_Validate_EmailAddress->_validateMXRecords() fails on Umlaut-Domains
• 187: Zend_Rest_Server does not properly handle optional parameters when anonymous (arg1, etc) parameters are passed in
• 322: Zend_Validate_Hostname: disallowed Unicode code point
• 324: SlideShare API change some tag names.
• 345: CallbackHandler throws warning if WeakRef-extension not installed
• 377: Zend_Console_Getopt: Missing required parameter consumes next option as its parameter value
• 400: PHPUnit contraints: use real class names to help classmap generators
• 426: Use relative filenames for _validIdns for direct include in Zend_Validate_Hostname
• 434: Corrected type of property _currentRoute
• 440: Zend_Controller_Dispatcher_Abstract::_formatName() inconsistent with Action name handling
• 441: Loosen regex to allow nested function calls in SQL
• 444: Update Zend_Validate_Hostname TLDs list to 2014102301 version
• 446: fix typo unkown -> unknown
• 448: fix travis ci build for php 5.2
• 449: Zend_Date doesn't create correct date when seconds are missing from 8601 format
• 452: "fluent", not "fluid"
• 453: Zend_Cache_Backend_Memcached looks at "bytes", but Couchbase 1.x returns "mem_used"
• 456: Documentation of Zend_Feed_Pubsubhubbub_Model_ModelAbstract
• 458: Fixed bug in quoteInto with $count parameter and question sign in $value
• 461: CDATA section for category elements in RSS feed
• 465: Zend_Currency creates invalid cache ids for values with fractions
• 467: debug_backtrace() called twice when only once needed
• 468: Zend_Validate_Hostname improvements
• 469: [Zend_Validate\ Testcase for #322
• 471: End of life for PHPUnit installation using pear
• 475: Zend Json Server Exception is missing the method name
• 478: Create .gitattributes to mirror archive { } in composer.json
• 480: Virtual machine doesn't install initial packages
• 483: Update copyright to 2015
• 484: Adds content headers on POST request in Zend_Controller_Request_HTTP
• 487: Allow overriding cache id and tag validation in Zend_Cache
• 488: Zend_Dojo_View_Helper_Dojo_Container setCdnVersion error...
• 490: Added more specific return documentation for Zend_Navigation Pages

Zend Framework 1.12.9

• 372: Zend_Db_Adapter_Sqlsrv is vulnerable to null byte input
• 423: Zend_Validate_NotEmpty::isValid() generates notice when validating empty array
• 430: zh_HK locale cannot identify Integer

SECURITY UPDATES

• ZF2014-05: Due to an issue that existed in PHP's LDAP extension, it is
  possible to perform an unauthenticated simple bind against a LDAP server by
  using a null byte for the password, regardless of whether or not the user
  normally requires a password. We have provided a patch in order to protect
  users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all
  versions of PHP 5.3 and below). If you use Zend\Ldap and are on an affected
  version of PHP, we recommend upgrading immediately.
• ZF2014-06: A potential SQL injection vector existed when using a SQL
  Server adapter to manually quote values due to the fact that it was not
  escaping null bytes. Code was added to ensure null bytes are escaped, and
  thus mitigate the SQLi vector. We do not recommend manually quoting values,
  but if you do, and use the SQL Server adapter without PDO, we recommend
  upgrading immediately.

Zend Framework 1.12.8

#418 can introduce potential BC breaks in the presence of complex SQL statements (for instance using SQL sub-functions). To fix this, use Zend_Db_Expr in group(), order(), or from() method calls.

• 54: Zend_Loader invalid links, missing docs
• 98: Allow editing and flattening of text form fields within PDF documents
• 244: Zend_Oauth_Client: Consider multipart/form-data
• 270: Missing class Zend_Service_Console_Command
• 277: Patch two level cache updates
• 289: Zend_Date milliseconds bug
• 342: Zend_Locale_Format::getFloat does not handle exponential notation ("1e-2" returns -100 instead of 0.01)
• 348: Fixed bug - do not allow invalid hostname with double dots i.e. zend..com
• 354: CLDR v25 released
• 363: Zend_Locale_Data::disableCache(true) is always reset
• 364: Fix convertPhpToIsoFormat
• 365: Fix for array to string conversion error in Zend_Validate_Abstract
• 368: Zend_Validate_Hostname: invalidates long TLDs above 10 characters (latest IANA TLDs)
• 375: Fixes #374 - Implement Zend_Pdf::getJavascript() and Zend_Pdf::setJavascript()
• 378: ZF-1.12.7 breaks code when using multi column ordering
• 382: Proper cleaning of File cache files in cleaning mode ALL
• 385: Serialized DateTime includes fractions of seconds since 5.6.0beta4
• 390: Zend_Locale_Format::_getEncoding() is missing a return statement
• 394: Validate_Hostname: Punycode decoding fails if encoded string has not hyphen
• 399: Argument 4 to hash_hmac() must be of type ?bool, int given
• 402: [Http\ Multiple fixes related to the curl adapter
• 410: fix for issue 393 - always reset libxml_disable_entity_loader
• 414: Fix for 270 Missing class Zend_Service_Console_Command
• 418: Improved regex for SQL group, order, from