Patch Release 1.7.9p1 Available Fixing Potential Vulnerability in Zip Library

Release 1.7.9p1 fixes a potential vulnerability in the Zip library. The checks Poco::Zip::Decompress performs on a Zip archive entry's file name before extracting that file were insufficient. This would allow an attacker to craft a malicious Zip archive containing files with absolute paths, or paths relative to the current user’s home directory on Linux/Unix platforms. A Poco::Zip::Decompress instance running in a process with sufficient privileges would then extract that file to the specified path. This could be used to overwrite important system files. We recommend upgrading to this release if your application uses Poco::Zip::Decompress to extract Zip files of potentially unknown origin.
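For applications that want their own defense-in-depth check on entry names before extraction, the following is an added example, not POCO's code and not the fix shipped in 1.7.9p1. The helper name isSafeEntryName and the sample names are hypothetical; it goes beyond the two cases named above by also rejecting ".." components, Windows drive specifiers and embedded NUL bytes.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper (not part of POCO): returns true only if a Zip entry
// name is safe to append to an extraction directory.
bool isSafeEntryName(const std::string& name)
{
    if (name.empty()) return false;
    // An embedded NUL would truncate the path at the OS boundary.
    if (name.find('\0') != std::string::npos) return false;
    // Absolute paths: Unix "/", Windows "\" and UNC "\\host\share".
    if (name[0] == '/' || name[0] == '\\') return false;
    // Home-relative names such as "~/x" or "~user/x".
    if (name[0] == '~') return false;
    // Windows drive specifier such as "C:..." (strict: rejects any "x:").
    if (name.size() >= 2 && name[1] == ':') return false;

    // Walk the components, treating both separators alike, and reject "..".
    std::string::size_type start = 0;
    while (start <= name.size())
    {
        std::string::size_type end = name.find_first_of("/\\", start);
        if (end == std::string::npos) end = name.size();
        if (name.compare(start, end - start, "..") == 0) return false;
        start = end + 1;
    }
    return true;
}

int main()
{
    // Constructed sample entry names, for illustration only.
    const std::vector<std::string> names = {
        "docs/readme.txt", "/etc/passwd", "~/.bashrc", "a/../../b", "C:\\x.dll"
    };
    for (const auto& n : names)
        std::cout << (isSafeEntryName(n) ? "extract " : "REJECT  ") << n << '\n';
    return 0;
}
```

A name check like this complements the upgrade rather than replacing it; running the extracting process with the least privileges it needs limits what any missed case can overwrite.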