Skip to content

2.5.1
Compare
Choose a tag to compare
@jhudsonWA jhudsonWA released this 17 Jun 17:48
· 21 commits to master since this release
2.5.1
b3f90f9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Bumps the version of minizip used to 3.0.6 which includes fixes for two buffer overflow issues [fixed in 3.0.5+] (Thank you LB who reached out via email)

Reminder:

Version 2.5.0+ Updates Minimum OS Versions

A key dependency of this project is the zlib library. zlib before version 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches according to CVE-2018-25032.

zlib 1.2.12 is included in macOS 10.15+ (with latest security patches), iOS 15.5+, tvOS 15.4+, watchOS 8.4+. As such, these OS versions will be the new minimums as of version 2.5.0 of ZipArchive.

If you need support for previous versions of ZipArchive for earlier OS support you can target an earlier version but know you will be using an unmaintained version of this library.

We will not support versions of ZipArchive that use dependencies with known vulnerabilities.

Assets 2