[Insight-developers] Itkzlib stuck at version 1.1.4?
Luis Ibanez
luis.ibanez at kitware.com
Thu Jul 19 11:36:08 EDT 2007
Kent, Sean,
Thanks for the additional details.
Both sounds like a firm vote for updating the zlib library in ITK.
Any volunteers ?
Luis
------------------
Sean McBride wrote:
> On 7/18/07 5:57 PM, Luis Ibanez said:
>
>
>>To my knowledge, there is no particular reason why we are sticking to
>>zlib 1.1.4. Being pragmatic, it takes a certain amount of effort to update
>>the libraries, so we usually wait until there is a compelling reason for
>>updating.
>>
>>The more ITK gets used in clinical applications, the more careful we should
>>be when updating components. This actually discourage us from continuously
>>updating all the third party libraries, since these update bring
>>uncertainty,
>>and sometimes they raise backward compatibility issues.
>
>
> All true, and all important. OTOH, new versions often bring security
> fixes, which are also important in clinical applications.
>
> A quick search of 'zlib' here gives quite a few known security-related
> problems:
> <http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=zlib>
>
> CVE-2003-0107 looks like it could apply to ITK.
>
> The current zlib is 1.2.3, released 2 years ago yesterday. My guess is
> it stable.
>
More information about the Insight-developers
mailing list