As mentioned in this new post to the Zend Developer Zone, the latest version of the Zend Framework, 1.7.5, has been released and includes an important security fix:
Besides the normal small enhancements and bug fixes that come with an incremental release such as this, there is also a rather important (and somewhat controversial) security fix that was added. This security fix breaks backwards compatibility with the previous version, because it simply must in order to exist. There is, however, a way to turn the security fix off to keep your current applications working in the case that this change breaks you.
Matthew Weier O'Phinney gives more detail on the issue over on his blog. The problem stems from an issue in Zend_View's render() method and possible problems with user input.
You can download this latest release from the Zend Framework website.