Zend Framework Patch, Release Date?

onlinestore23 · ‎02-03-2017

As many are aware Zend framework vulnerability news mentioned three weeks ago that a patch expected to be released in several weeks. I assume "several weeks" is coming close, however could Magento administration provide suggestive date(s) when the patch will be released? We need to be prepared.

https://magento.com/security/news/new-zend-framework-1-security-vulnerability

Gabriel Guarino · ‎02-03-2017

Hi @onlinestore23,

@sherrie announced in Twitter that the update is coming soon:

https://twitter.com/sherrierohde/status/826956249929437184

As you can see in one of the replies, there is no planned date for the release yet, so we have to wait and follow the security recommendations from Magento (https://magento.com/security/news/new-zend-framework-1-security-vulnerability).

Regarding that specific vulnerability, we should follow the recommendation of turning the following setting off: "Set Return-Path" (in the System/Stores-> Configuration-> Advanced-> System-> Mail Sending Settings section).

Best regards.

Gabriel

Welcome to the Magento Forums. Remember to introduce yourself and read the Magento Forums Guidelines.

Pronto · ‎02-04-2017

I think I saw an annoucements few days ago which stated that if everything goes according to plan Magento will release new updates for Magento 1.9, 2.0 and 2.1 next week.

Tanel Raja

Mukesh Tiwari · ‎02-07-2017

Hi @onlinestore23

The patch has been released. You can download the patch from following link SUPEE-9652

Please visit following link also Important Magento Security and Product Updates

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Zend Framework Patch, Release Date?

Zend Framework Patch, Release Date?

Re: Zend Framework Patch, Release Date?

Re: Zend Framework Patch, Release Date?

Re: Zend Framework Patch, Release Date?