The POCO C++ Libraries Blog

Archive: News

Patch Release 1.8.0.1 Available

Filed under: News by guenter at 18:36

1.8.0.1 is a patch release for 1.8.0 that fixes a file corruption issue in the Zip library caused by a change to Poco::DeflatingStream in 1.8.0. Upgrading is strongly recommended.

Release 1.8.0 Available

Filed under: News by guenter at 20:49

POCO C++ Libraries release 1.8.0 is available. This release brings Unix Domain Socket support in the Net library, Zip64 support in the Zip library, an XML stream parser API, the new Redis client library, support for connection string URIs in the MongoDB client library and a couple of other improvements and bugfixes. This release still supports C++03 compilers, including Visual C++ 2008. Support for OpenVMS has finally been removed, though.

Patch Release 1.7.9p2 Available

Filed under: News by guenter at 15:52

Release 1.7.9p2 of the POCO C++ Libraries is available. This is a minor bugfix release that fixes the Zip testsuite build for non-static builds on Windows platforms. Note that the previous release, 1.7.9p1, fixed a potential vulnerability in the Zip library.

Patch Release 1.7.9p1 Available Fixing Potential Vulnerability in Zip Library

Filed under: News,Security by guenter at 19:55

Release 1.7.9p1 fixes a potential vulnerability in the Zip library. The checks Poco::Zip::Decompress performs on an Zip archive entry file name before extracting that file were insufficient. This would allow an attacker to craft a malicious Zip archive containing files with absolute paths, or paths relative to the current user’s home directory on Linux/Unix platforms. A Poco::Zip::Decompress instance running in a process with sufficient privileges would then extract that file to that specified path. This could be used to overwrite important system files. We recomment to upgrade to this release if your application uses Poco::Zip::Decompress to extract Zip files of potentially unknown origin.

Maintenance Release 1.7.9 Available

Filed under: News by guenter at 21:58

Release 1.7.9 is available. This release upgrades the bundled Expat XML parser to release 2.2.3 and also fixes a few issues in the XML library. There have also been changes to Poco::Util::LayeredConfiguration, PageCompiler and Poco::NamedEvent/Poco::NamedMutex.

Please see the Changelog for details.

Release 1.7.8p3 Available – Expat Vulnerabilities

Filed under: News,Security by guenter at 10:01

Release 1.7.8p3 upgrades the bundled Expat XML parser to release 2.2.1 which fixes some
vulnerabilities. Upgrading from earlier releases is highly recommended.

Changelog

Release 1.7.8 Available

Filed under: News by guenter at 15:38

Release 1.7.8 of the POCO C++ Libraries is available.

This is a maintenance release containing significant improvements and bugfixes in the Foundation, Net, Zip and MongoDB libraries. Furthermore, the bundled SQLite, zlib, PCRE and double-conversion libraries have been upgraded to current releases.

Incidentally, release 1.7.8 marks the 12th anniversary of the first public POCO C++ Libraries release on February 21, 2005, as evident from the CHANGELOG, which obviously also lists all changes in this latest release.

Release 1.7.7 Available

Filed under: News by guenter at 09:46

Release 1.7.7 of the POCO C++ Libraries is available.
This maintenance release contains bugfixes and improvements in the Foundation, JSON, Net, NetSSL, Data/ODBC, Data/SQLite and Zip libraries.
On Apple platforms, the latest Xcode 8.2 toolchains are supported and an IPv6 DNS issue on iOS and related platforms causing rejection of apps during App Store validation has been fixed. The NetSSL_OpenSSL library now can be compiled with OpenSSL 1.1.x.
As usual, the full list of changes in in the CHANGELOG. Upgrading to this release is recommended.

Release 1.7.6 Available

Filed under: News by guenter at 23:07

Release 1.7.6 of the POCO C++ Libraries is available.
This release contains bugfixes and improvements in the Foundation, XML, Util, Net, Data/MySQL and Zip libraries. A special focus of this release was correcting a couple of non-critical issues reported by static code analysis tools.
As usual, the full list of changes in in the CHANGELOG. Upgrading to this release is recommended.

CII Best Practices

Filed under: Development,News by guenter at 09:35

I recently did a review of our project with regards to the Core Infrastructure Initiative (CII) Best Practices, in order to ensure we’re following industry best practices with POCO.

Things looked very good, with only a few best practices missing, which I have fixed in the meantime:

  • Updated the CONTRIBUTING.md file to include a statement on reporting security issues via email and added a link to that file to README.md.
  • Updated the instructions for preparing a release in the Wiki to include running clang-analyzer.
  • Enabled HTTPS for the project website (using a Let’s Encrypt certificate and certbot-auto), which was actually most of the work (including fixing all links, etc.).
  • Ran clang-analyzer on the code base for peace of mind 😉

We can now proudly show the CII Best Practices badge on our GitHub page:

The POCO C++ Libraries are being used in a lot of important projects in lots of different areas, from server and desktop applications, mobile apps to Internet of Things and connected devices in factories, homes and buildings, infrastructure as well as vehicles. Following established best practices and giving our best to ensure high-quality releases is my main priority.

Next Page »