POCO C++ Libraries Blog

News and discussion for the POCO Community


Patch Release 1.8.0.1 Available

1.8.0.1 is a patch release for 1.8.0 that fixes a file corruption issue in the Zip library caused by a change to Poco::DeflatingStream in 1.8.0. Upgrading is strongly recommended.


Release 1.8.0 Available

POCO C++ Libraries release 1.8.0 is available. This release brings Unix Domain Socket support in the Net library, Zip64 support in the Zip library, an XML stream parser API, the new Redis client library, support for connection string URIs in the MongoDB client library and a couple of other improvements and bugfixes. This release still […]


Patch Release 1.7.9p2 Available

Release 1.7.9p2 of the POCO C++ Libraries is available. This is a minor bugfix release that fixes the Zip testsuite build for non-static builds on Windows platforms. Note that the previous release, 1.7.9p1, fixed a potential vulnerability in the Zip library.


Patch Release 1.7.9p1 Available Fixing Potential Vulnerability in Zip Library

Release 1.7.9p1 fixes a potential vulnerability in the Zip library. The checks Poco::Zip::Decompress performs on an Zip archive entry file name before extracting that file were insufficient. This would allow an attacker to craft a malicious Zip archive containing files with absolute paths, or paths relative to the current user’s home directory on Linux/Unix platforms. […]