As many are aware Zend framework vulnerability news mentioned three weeks ago that a patch expected to be released in several weeks. I assume "several weeks" is coming close, however could Magento administration provide suggestive date(s) when the patch will be released? We need to be prepared.
@sherrie announced in Twitter that the update is coming soon:
As you can see in one of the replies, there is no planned date for the release yet, so we have to wait and follow the security recommendations from Magento (https://magento.com/security/news/new-zend-framewo
Regarding that specific vulnerability, we should follow the recommendation of turning the following setting off: "Set Return-Path" (in the System/Stores-> Configuration-> Advanced-> System-> Mail Sending Settings section).
I think I saw an annoucements few days ago which stated that if everything goes according to plan Magento will release new updates for Magento 1.9, 2.0 and 2.1 next week.