Some javascript/style in this post has been disabled (
why?)
The Zend Framework team has been notified of a potential
Local File Inclusion (LFI) attack vector in Zend_View's render() method. To
address the issue, as of the 1.7.5 release the render() method no longer
accepts paths that include parent directory traversal (e.g., "../"
and "..\") in the path argument. This introduces a regression in
behavior which can be addressed by turning off the lfiProtectionOn flag. For
more information, see:
http://framework.zend.com/manual/en/zend.view.migration.html
If this advisory does not affect your applications, please
disregard. We take security very seriously and will continue to notify all
users when a security fault is discovered.
Thank you.
,Wil
