1.12.20 readiness

zendframework · Sep 8, 2016 · 737ef15 · 737ef15
2 parents 73cb94e + 880d6d0
commit 737ef15
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -18,12 +18,22 @@ Master: [![Build Status](https://api.travis-ci.org/zendframework/zf1.png?branch=
 RELEASE INFORMATION
 ===================
 
-Zend Framework 1.12.20-dev Release.
-Released on MMM DD, YYYY.
+Zend Framework 1.12.20 Release.
+Released on September 08, 2016.
 
 IMPORTANT FIXES FOR 1.12.20
 ---------------------------
 
+**This release contains security updates:**
+
+- **ZF2016-03:** The implementation of `ORDER BY` and `GROUP BY` in
+ `Zend_Db_Select` remained prone to SQL injection when a combination of SQL
+ expressions and comments were used. This release provides a comprehensive
+ solution that identifies and removes comments prior to checking validity of
+ the statement to ensure no SQLi vectors occur. We advise always filtering user
+ input prior to invoking these methods, however, to further protect your
+ applications.
+
 See http://framework.zend.com/changelog for full details.
 
 NEW FEATURES

diff --git a/library/Zend/Version.php b/library/Zend/Version.php
@@ -32,7 +32,7 @@ final class Zend_Version
  /**
  * Zend Framework version identification - see compareVersion()
  */
- const VERSION = '1.12.20dev';
+ const VERSION = '1.12.20';
 
  /**
  * The latest stable version Zend Framework available