Skip to content

4.4.1

Compare
Choose a tag to compare
@tayloraswift tayloraswift released this 04 Apr 00:28
· 30 commits to master since this release

this release patches a critical vulnerability that occurs when the DEFLATE backend attempts to compress very short inputs (less than 3 bytes) causing a runtime crash.

for applications using the library for PNG compression, the attack is only effective if the server is asked to compress a 1x1 pixel grayscale image, as all other types of PNG images create data streams that are longer than 2 bytes.

all Swift PNG users are advised to upgrade to 4.4.1 immediately.