Skip to content

C
coconva2118
Switch branch/tag
Find file
BlameHistoryPermalink
CHANGELOG.md 3.35 KB

Changelog

All notable changes to this project will be documented in this file, in reverse chronological order by release.

2.8.0 - 2018-04-24

Added

  • #39 adds support for PHP 7.1 and 7.2.

Changed

  • Nothing.

Deprecated

  • Nothing.

Removed

  • #39 removes support for HHVM.

Fixed

  • #23 fixes an issue with garbage collection of expired CAPTCHA images when concurrent requests trigger collection.

  • #31 fixes using the ReCaptcha response as the value parameter to isValid().

2.7.0 - 2017-02-20

Added

  • #29 adds support for zend-recaptch v3.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

2.6.0 - 2016-06-21

Added

Deprecated

  • Nothing.

Removed

  • #20 removes support for PHP 5.5

Fixed

  • Nothing.

2.5.4 - 2016-02-23

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #18 updates dependencies to known-stable, forwards-compatible versions.

2.5.3 - 2016-02-22

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #6 ensures that null values may be passed for options.

2.5.2 - 2015-11-23

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • ZF2015-09: Zend\Captcha\Word generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this vulnerability announcement, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. This release contains a patch that replaces the array_rand() calls to use Zend\Math\Rand::getInteger(), which provides better RNG.

2.4.9 - 2015-11-23

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • ZF2015-09: Zend\Captcha\Word generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this vulnerability announcement, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. This release contains a patch that replaces the array_rand() calls to use Zend\Math\Rand::getInteger(), which provides better RNG.