POCO C++ Libraries Blog

News and discussion for the POCO Community

Patch Release 1.7.9p1 Available Fixing Potential Vulnerability in Zip Library

Release 1.7.9p1 fixes a potential vulnerability in the Zip library. The checks Poco::Zip::Decompress performs on a Zip archive entry file name before extracting that file were insufficient. This would allow an attacker to craft a malicious Zip archive containing files with absolute paths, or paths relative to the current user’s home directory on Linux/Unix platforms. […]

Release 1.7.8p3 Available – Expat Vulnerabilities

Release 1.7.8p3 upgrades the bundled Expat XML parser to release 2.2.1, which fixes some vulnerabilities. Upgrading from earlier releases is highly recommended. Changelog