POCO C++ Libraries Blog

News and discussion for the POCO Community


POCO C++ Libraries Releases 1.12.4 and 1.11.5 Available

These releases upgrade the bundled expat library to 2.5.0, which fixes CVE-2022-43680. In addition, release 1.12.4 fixes an issue in PollSet (introduced in 1.12.0) that can lead to 100 % CPU load in SocketReactor on single-core CPUs. The complete list of closed GitHub issues is in the CHANGELOG.

Tagged ,

Release 1.9.4 Available

This is a security-focused maintenance release that fixes a CVE (CVE-2019-15903) in the bundled libexpat XML parser library by updating it to release 2.2.8. Upgrading to this release is highly recommended.

Tagged

Release 1.9.2 Available

This is a maintenance release that most importantly updates the bundled libexpat XML parser library to release 2.2.7, which fixes a potential vulnerability (CVE-2018-20843). The release also includes fixes to CMake when building on Windows with a Windows 10 SDK (mc.exe not found) and to the caching framework. See the CHANGELOG for details. Upgrading is […]

Tagged

Patch Release 1.7.9p1 Available Fixing Potential Vulnerability in Zip Library

Release 1.7.9p1 fixes a potential vulnerability in the Zip library. The checks Poco::Zip::Decompress performs on an Zip archive entry file name before extracting that file were insufficient. This would allow an attacker to craft a malicious Zip archive containing files with absolute paths, or paths relative to the current user’s home directory on Linux/Unix platforms. […]


Release 1.7.8p3 Available – Expat Vulnerabilities

Release 1.7.8p3 upgrades the bundled Expat XML parser to release 2.2.1 which fixes some vulnerabilities. Upgrading from earlier releases is highly recommended. Changelog