These releases upgrade the bundled expat library to 2.5.0, which fixes CVE-2022-43680. In addition, release 1.12.4 fixes an issue in PollSet (introduced in 1.12.0) that can lead to 100 % CPU load in SocketReactor on single-core CPUs. The complete list of closed GitHub issues is in the CHANGELOG.
This is a security-focused maintenance release that fixes a CVE (CVE-2019-15903) in the bundled libexpat XML parser library by updating it to release 2.2.8. Upgrading to this release is highly recommended.
This is a maintenance release that most importantly updates the bundled libexpat XML parser library to release 2.2.7, which fixes a potential vulnerability (CVE-2018-20843). The release also includes fixes to CMake when building on Windows with a Windows 10 SDK (mc.exe not found) and to the caching framework. See the CHANGELOG for details. Upgrading is […]
Release 1.7.9p1 fixes a potential vulnerability in the Zip library. The checks Poco::Zip::Decompress performs on a Zip archive entry file name before extracting that file were insufficient. This would allow an attacker to craft a malicious Zip archive containing files with absolute paths, or paths relative to the current user’s home directory on Linux/Unix platforms. […]
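The kind of entry-name check this note refers to, as an added example (not Poco's code and not the actual fix in 1.7.9p1): `isSafeEntryName` and `rejectedEntries` are hypothetical helpers and the sample names are constructed. It goes beyond the two cases named above by also rejecting `..` components and Windows drive prefixes.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper (not part of Poco): true only if an archive entry name
// can be joined onto an extraction directory without escaping it.
bool isSafeEntryName(const std::string& name)
{
    if (name.empty() || name.find('\0') != std::string::npos) return false;
    // Absolute POSIX path, or Windows root / UNC path.
    if (name[0] == '/' || name[0] == '\\') return false;
    // Home-directory shorthand ("~", "~/x", "~user/x") that some path
    // parsers expand on Linux/Unix.
    if (name[0] == '~') return false;
    // Windows drive prefix such as "C:" (conservative: also rejects "a:b").
    if (name.size() >= 2 && std::isalpha(static_cast<unsigned char>(name[0]))
        && name[1] == ':') return false;
    // Walk the components (either separator) and reject any that is "..".
    std::size_t start = 0;
    while (start <= name.size()) {
        std::size_t end = name.find_first_of("/\\", start);
        if (end == std::string::npos) end = name.size();
        if (name.compare(start, end - start, "..") == 0) return false;
        start = end + 1;
    }
    return true;
}

// Returns the entry names an extractor should refuse, in input order.
std::vector<std::string> rejectedEntries(const std::vector<std::string>& names)
{
    std::vector<std::string> bad;
    for (const auto& n : names)
        if (!isSafeEntryName(n)) bad.push_back(n);
    return bad;
}

int main()
{
    // Constructed sample entry names, not taken from any real archive.
    const std::vector<std::string> sample = {
        "docs/readme.txt", "/tmp/abs.txt", "~/note.txt", "a/../../b.txt", "a/..b/c.txt"};
    for (const auto& n : rejectedEntries(sample))
        std::cout << "refuse: " << n << '\n';
    return 0;
}
```

A name check like this is a first filter only; an extractor should still confirm that the resolved output path lies inside the target directory before writing.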
Release 1.7.8p3 upgrades the bundled Expat XML parser to release 2.2.1, which fixes some vulnerabilities. Upgrading from earlier releases is highly recommended.