Preparation for 1.12.20

- Updated README: - Updated version to stable - Set date for release - Added release notes including ZF2016-03 details - Updated VERSION constant
tavy315 · Sep 13, 2016 · ba7d7f8 · ba7d7f8
1 parent 30b26eb
commit ba7d7f8
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -18,17 +18,21 @@ Master: [![Build Status](https://api.travis-ci.org/tavy315/zendframework1.png?br
 RELEASE INFORMATION
 ===================
 
-Zend Framework 1.12.19 Release.
-Released on July 13, 2016.
+Zend Framework 1.12.20 Release.
+Released on September 13, 2016.
 
-IMPORTANT FIXES FOR 1.12.19
+IMPORTANT FIXES FOR 1.12.20
 ---------------------------
 
-This release contains security fixes:
+**This release contains security updates:**
 
-- **ZF2016-02**: The implementation of `ORDER BY` and `GROUP BY` in
-  `Zend_Db_Select` contained potential SQL injection vulnerabilities,
-  and have been patched.
+- **ZF2016-03:** The implementation of `ORDER BY` and `GROUP BY` in
+  `Zend_Db_Select` remained prone to SQL injection when a combination of SQL
+  expressions and comments were used. This release provides a comprehensive
+  solution that identifies and removes comments prior to checking validity of
+  the statement to ensure no SQLi vectors occur. We advise always filtering user
+  input prior to invoking these methods, however, to further protect your
+  applications.
 
 See http://framework.zend.com/changelog for full details.
 

diff --git a/library/Zend/Version.php b/library/Zend/Version.php
@@ -32,7 +32,7 @@ final class Zend_Version
     /**
      * Zend Framework version identification - see compareVersion()
      */
-    const VERSION = '1.12.19';
+    const VERSION = '1.12.20';
 
     /**
      * The latest stable version Zend Framework available