I'm calling bullshit on the #zendframework / @getlaminas CVE floating around. Using unserialize on untrusted user input is always flawed and not specific to a framework vuln. Here is a good read on that topic https://medium.com/swlh/exploiting-php-deserialization-56d71f03282a
Open source. Open community. We are dedicated to building and enriching the PHP community.