POCO C++ Libraries Blog

News and discussion for the POCO Community


Release 1.9.4 Available

This is a security-focused maintenance release that fixes a CVE (CVE-2019-15903) in the bundled libexpat XML parser library by updating it to release 2.2.8. Upgrading to this release is highly recommended.

Tagged

Release 1.9.2 Available

This is a maintenance release that most importantly updates the bundled libexpat XML parser library to release 2.2.7, which fixes a potential vulnerability (CVE-2018-20843). The release also includes fixes to CMake when building on Windows with a Windows 10 SDK (mc.exe not found) and to the caching framework. See the CHANGELOG for details. Upgrading is […]

Tagged

Patch Release 1.7.9p1 Available Fixing Potential Vulnerability in Zip Library

Release 1.7.9p1 fixes a potential vulnerability in the Zip library. The checks Poco::Zip::Decompress performs on an Zip archive entry file name before extracting that file were insufficient. This would allow an attacker to craft a malicious Zip archive containing files with absolute paths, or paths relative to the current user’s home directory on Linux/Unix platforms. […]


Release 1.7.8p3 Available – Expat Vulnerabilities

Release 1.7.8p3 upgrades the bundled Expat XML parser to release 2.2.1 which fixes some vulnerabilities. Upgrading from earlier releases is highly recommended. Changelog