home

about

license

support

K/Base

Indy
HomeContactsSite Map


Important!!! Indy 10 and ZLib Cert advisory

There is a Cert Advisory describing a security flaw in ZLib 1.22's inflate routine. 

For over a year, Indy has been using a package called ZLibEx along with some modifications to meet Indy coding standards and expose some internal routines.   We started using this when it became obvious that Borland's ZLib .obj files were outdated and we needed new functionality in more recent versions of ZLib.  Currently, Indy 10 uses ZLibEx for the Compression Intercepts and a "TIdCompressorZLibEx" component.  If you are using the TIdCompressorZLibEx component with TIdFTP, TIdFTPServer, or TIdHTTP, this advisory could effect you and you really should update to the latest Indy 10 snapshots.

I have already updated Indy to use the latest version of ZLibEx.  The latest version of ZLibEx uses ZLib 1.23 which fixes the security flaw.

Some Delphi third-party component vendors also use ZLib in their work and if they are using ZLib 1.21 or 1.22, you may want to contact them about this advisory.  I have already E-Mailed one vendor about this.


Corporate Sponsors

Atozed







home

about

license

support

K/Base

site map

links

Copyright © 1993 - 2008 Chad Z. Hower (Kudzu) and the Indy Pit Crew.          Website design by RuInternet.ru