Bug ID 1078718
Summary Deleting Zend Framework from Factory
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.0
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter kbabioch@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

openSUSE:Factory and hence openSUSE:Leap:15.0 still contain very old versions
of Zend Framework (1.12.20, php7-ZendFramework). These are no longer maintained
upstream since Sep 2016.

There are open issues for Zend Framework (see #1017629 #1044027 #1052785) with
security implications. It is not even clear whether the old 1.12.x branch is
actually affected by the 2.2.x.

Is anyone interested in bumping the version to the 3.x branch? Otherwise I
would submit a deletion request, since upstream seems to be rather dead anyway
(last release in 2016, no active development going on) and there are no
dependencies on it.

You are receiving this mail because: