Important!!! Indy 10 and ZLib CERT advisory
Indy 10's ZLib support may be affected by a security flaw in ZLib 1.22.
There is a CERT Advisory describing a security flaw in ZLib 1.22's inflate routine.
For over a year, Indy has been using a package called ZLibEx along with some modifications
to meet Indy coding standards and expose some internal routines. We
started using this when it became obvious that Borland's ZLib .obj files
were outdated and we needed new functionality found in more recent versions of
ZLib. Currently, Indy 10 uses ZLibEx for the Compression Intercepts
and a "TIdCompressorZLibEx" component. If you are using the
TIdCompressorZLibEx component with TIdFTP, TIdFTPServer, or TIdHTTP, this
advisory could affect you, and you really should update to the latest Indy 10
snapshots.
I have already updated Indy to use the latest version of ZLibEx. The
latest version of ZLibEx uses ZLib 1.23 which fixes the security flaw.
Some Delphi third-party component vendors also use ZLib in their work,
and if they are using ZLib 1.21 or 1.22, you may want to contact them about this
advisory. I have already e-mailed one vendor about this.