Zend Framework 1.7.5 was released just a short while ago. While there’s not much with regards to features, there’s an interesting update to the view renderer and local file injection attacks.
I’m guilty of using this style of inclusion in some cases. Sometimes it’s just easier. I guess it’s time to re-think how I do what I do in these very few and rare cases. No more ‘../’ in my render statements!
Thanks to Zend Framework In Action for the quick update.
Tags: security, updates, zend framework