Skip to content
This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

Latest commit

 

History

History
206 lines (116 loc) · 3.81 KB

CHANGELOG.md

File metadata and controls

206 lines (116 loc) · 3.81 KB
Raw

Changelog

All notable changes to this project will be documented in this file, in reverse chronological order by release.

2.9.1 - TBD

Added

  • Nothing.

Changed

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

2.9.0 - 2019-06-18

Added

  • #42 adds support for PHP 7.3.

Changed

  • Nothing.

Deprecated

  • Nothing.

Removed

  • #42 removes support for zend-stdlib v2 releases.

Fixed

  • Nothing.

2.8.0 - 2018-04-24

Added

  • #39 adds support for PHP 7.1 and 7.2.

Changed

  • Nothing.

Deprecated

  • Nothing.

Removed

  • #39 removes support for HHVM.

Fixed

  • #23 fixes an issue with garbage collection of expired CAPTCHA images when concurrent requests trigger collection.

  • #31 fixes using the ReCaptcha response as the value parameter to isValid().

2.7.0 - 2017-02-20

Added

  • #29 adds support for zend-recaptch v3.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

2.6.0 - 2016-06-21

Added

Deprecated

  • Nothing.

Removed

  • #20 removes support for PHP 5.5

Fixed

  • Nothing.

2.5.4 - 2016-02-23

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #18 updates dependencies to known-stable, forwards-compatible versions.

2.5.3 - 2016-02-22

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #6 ensures that null values may be passed for options.

2.5.2 - 2015-11-23

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • ZF2015-09: Zend\Captcha\Word generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this vulnerability announcement, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. This release contains a patch that replaces the array_rand() calls to use Zend\Math\Rand::getInteger(), which provides better RNG.

2.4.9 - 2015-11-23

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • ZF2015-09: Zend\Captcha\Word generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this vulnerability announcement, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. This release contains a patch that replaces the array_rand() calls to use Zend\Math\Rand::getInteger(), which provides better RNG.