Merge branch 'releases/1.12.16'

1.12.16 readiness
zendframework · Sep 15, 2015 · 8a3c471 · 8a3c471
2 parents 8826336 + f1b0fe0
commit 8a3c471
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -7,12 +7,28 @@ Master: [![Build Status](https://api.travis-ci.org/zendframework/zf1.png?branch=
 RELEASE INFORMATION
 ===================
 
-Zend Framework 1.12.16dev Release.
-Released on MMM DD, YYYY.
+Zend Framework 1.12.16 Release.
+Released on Sep 15, 2015.
 
 IMPORTANT FIXES FOR 1.12.16
 ---------------------------
 
+This release contains security fixes:
+
+- **ZF2015-07**: A number of components, including `Zend_Cloud`,
+ `Zend_Search_Lucene`, and `Zend_Service_WindowsAzure` were creating directories with
+ a liberal umask that could lead to local arbitrary code execution and/or
+ local privilege escalation. This release contains a patch that ensures the
+ directories are created using permissions of 0775 and files using 0664
+ (essentially umask 0002).
+
+- **ZF2015-08**: ZF2014-06 uncovered an issue in the sqlsrv adapter provided by
+ the framework whereby null bytes were not filtered correctly when generating
+ SQL. A reporter discovered the same vulnerability is present in our PDO implementation
+ when used with pdo_dblib, and could potentially be applied to other PDO adapters.
+ This release contains a patch to properly escape null bytes used in SQL queries
+ across all PDO adapters shipped with the framework.
+
 See http://framework.zend.com/changelog for full details.
 
 NEW FEATURES

diff --git a/library/Zend/Version.php b/library/Zend/Version.php
@@ -32,7 +32,7 @@ final class Zend_Version
  /**
  * Zend Framework version identification - see compareVersion()
  */
- const VERSION = '1.12.16dev';
+ const VERSION = '1.12.16';
 
  /**
  * The latest stable version Zend Framework available