Security

Security Advisory: ZF2019-01

ZF2019-01: Information disclosure in zend-developer-tools

The package zendframework/zend-developer-tools provides a web-based toolbar for introspecting an application. When updating the package to support PHP 7.3, a change was made that could potentially prevent toolbar entries that are enabled by default from being disabled.

Affected versions

  • zendframework/zend-developer-tools 1.2.2

Action Taken

A test was added to the package to verify that only whitelisted entries should be aggregated when configuring the toolbar, and the code updated to comply.

The patch resolving the vulnerability is available in zend-developer-tools 1.2.3.

We highly recommend all users of the package to update immediately.

Acknowledgments

The Zend Framework team thanks the following for identifying the issues and working with us to help protect its users:

Released 2019-03-28

Back to advisories

Have you identified a security vulnerability?

Please report it to us at zf-security@zend.com

About
Overview
FAQ
License
Changelog
Security
Issues

Install
Get started
MVC skeleton app
Expressive skeleton app
Archives

Documentation
Overview
Training and Certification
Support and Consulting
Webinars
Blog
Zend Framework 2 - API
Zend Framework 1 - API

Participate
Overview
Slack
Forums
Contributor guide
Code Manifesto
Contributors
Logos
Get certified
Privacy Policy

Copyright

© 2006-2022 by Zend by Perforce. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts