http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 Bug ID: 1078718 Summary: Deleting Zend Framework from Factory Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: kbabioch@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- openSUSE:Factory and hence openSUSE:Leap:15.0 still contain very old versions of Zend Framework (1.12.20, php7-ZendFramework). These are no longer maintained upstream since Sep 2016. There are open issues for Zend Framework (see #1017629 #1044027 #1052785) with security implications. It is not even clear whether the old 1.12.x branch is actually affected by the 2.2.x. Is anyone interested in bumping the version to the 3.x branch? Otherwise I would submit a deletion request, since upstream seems to be rather dead anyway (last release in 2016, no active development going on) and there are no dependencies on it. -- You are receiving this mail because: You are on the CC list for the bug.