diff --git a/data/posts/2014-08-26-1.12.8-Released.php b/data/posts/2014-08-26-1.12.8-Released.php
index 90cd33e75..0e2cb42ee 100644
--- a/data/posts/2014-08-26-1.12.8-Released.php
+++ b/data/posts/2014-08-26-1.12.8-Released.php
@@ -38,6 +38,11 @@
Notable Changes
+ - #418 Improved regex for
+ SQL group, order, from statement. This is an improvement of the Security Advisory
+ ZF2014-04,
+ to prevent potential SQL injection. This PR that can be a potential BC break for
+ complex SQL code. See below for more information.
- #360 updates Zend_Locale
to use CLDR version 25.
- #98 allows editing and
@@ -47,7 +52,7 @@
Zend_Pdf::resetJavaScript().
- #414 adds the
Microsoft_Console component from the Windows Azure SDK for PHP into
- the Zend_Service_Console component, ensuring that WindowsAzure
+ the Zend_Service_Console component, ensuring that WindowsAzure
command line functionality included in the framework can now work.
- #385 adds support for
DateTime fractional seconds under PHP 5.6+.
@@ -62,6 +67,14 @@
See the changelog for full details.
+Potential BC break
+
+The PR #418 can introduces
+potential BC break in presence of complex SQL statements (for instance using SQL sub-functions).
+To fix this you can use Zend_Db_Expr() in the group(), order() or from()
+functions, if your SQL code doesn't work after the upgrade to ZF 1.12.8.
+
+
Thank You!