FYI: Bugify 1.8.5+ uses Zend Framework 1.12.17dev

richr

06 Aug, 2018 11:10 PM

Yes, that is correct: the Zend Framework version is 1.12.17dev, still commonly referred to as 1.12.17, for anyone who really wants to know.

It's old and is retired, but seems still usable / viable.

This version of Zend Framework does have these vulnerability issues:
ZF2016-01 ⇒ https://framework.zend.com/security/advisory/ZF2016-01
ZF2016-02 ⇒ https://framework.zend.com/security/advisory/ZF2016-02
ZF2016-03 ⇒ https://framework.zend.com/security/advisory/ZF2016-03

Zend says to update to version 1.12.20 (which is the last 1.12.x version released) to address all of these issues.

I haven't researched every Zend call, cuz there's a lot of dependency calls (especially with ZF2016-01) within other Zend calls, so I haven't researched all the parent calls made by Bugify 1.8.5+ to see if these Zend calls are even made or if call changes need to be made in Bugify.

In a couple of these vulnerable Zend calls I researched, they were all internal to Zend, not at the Bugify level. So all may be OK and upgrading to Zend Framework version 1.12.20 may be transparent to Bugify (meaning Bugify just passes command strings/calls down to Zend), but I do not know.

You can research yourself or pull down Zend 1.12.20 into Bugify (2 places in 1.9.x; 1 place in 1.8.5) and test yourself.
I am not the developer of Bugify, so I'm not going to research or work this for him or her.

Just FYI.
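One way to locate every bundled Zend Framework 1 copy in an install and flag those older than 1.12.20, as an added example that is not part of the original post or of Bugify. It assumes each copy ships the stock `Zend/Version.php` with its `const VERSION` line; the directory names in the sample tree are constructed, since the post does not name the actual locations.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 12, 20)  # release the post says addresses ZF2016-01..03

# Zend Framework 1 declares its version as a class constant in Zend/Version.php
VERSION_RE = re.compile(r"const\s+VERSION\s*=\s*['\"]([^'\"]+)['\"]")


def parse_version(text):
    """Return (major, minor, patch) from e.g. '1.12.17dev'; the suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def find_zend_copies(root):
    """Return [(relative_path, version_string, needs_update)] for each bundled copy."""
    results = []
    for vfile in sorted(Path(root).rglob("Version.php")):
        if vfile.parent.name != "Zend":
            continue  # some other library's Version.php
        m = VERSION_RE.search(vfile.read_text(errors="replace"))
        if not m:
            continue
        parsed = parse_version(m.group(1))
        # Unparseable versions are flagged so they get a manual look
        needs_update = parsed is None or parsed < FIXED
        rel = vfile.relative_to(root).as_posix()
        results.append((rel, m.group(1), needs_update))
    return results


def build_sample_tree(root):
    """Constructed layout for the demo; not Bugify's real directory names."""
    samples = (("library/Zend", "1.12.17dev"), ("update/library/Zend", "1.12.20"))
    for sub, ver in samples:
        d = Path(root, sub)
        d.mkdir(parents=True)
        body = "<?php\nfinal class Zend_Version\n{\n    const VERSION = '%s';\n}\n"
        (d / "Version.php").write_text(body % ver)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, ver, stale in find_zend_copies(tmp):
            print(f"{path}: {ver} -> {'UPDATE' if stale else 'ok'}")
```

Point `find_zend_copies()` at the real install directory to see whether any copy was missed after an upgrade.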
