* **ZF2015-04**: ZendMail and ZendHttp were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either ZendMail or ZendHttp (which includes users of ZendMvc), we recommend upgrading immediately.