Updated README with ZF2015-04 details

weierophinney · weierophinney · commit 5dbff43bae68 · 2015-05-19T12:44:13.000-05:00
diff --git a/README.md b/README.md
@@ -13,6 +13,17 @@ Released on MMMMMMMM DD, YYYY.
 IMPORTANT FIXES FOR 1.12.12
 ---------------------------
 
+**This release contains security updates:**
+
+- **ZF2015-04:** `Zend_Mail` and `Zend_Http` were both susceptible to CRLF Injection
+  Attack vectors (for HTTP, this is often referred to as HTTP Response
+  Splitting). Both components were updated to perform header value validations
+  to ensure no values contain characters not detailed in their corresponding
+  specifications, and will raise exceptions on detection. Each also provides new
+  facilities for both validating and filtering header values prior to injecting
+  them into header classes. If you use either `Zend_Mail` or `Zend_Http`,
+  we recommend upgrading immediately.
+
 See http://framework.zend.com/changelog for full details.
 
 NEW FEATURES
