zlib 1.3.1 Release Notes

January 22, 2024

Version 1.3.1 has these key changes:

Reject overflows of zip header fields in minizip

Fix bug in inflateSync() for data held in bit buffer

Add LIT_MEM define to use more memory for a small deflate speedup

Fix decision on the emission of Zip64 end records in minizip

Add bounds checking to ERR_MSG() macro, used by zError()

Neutralize zip file traversal attacks in miniunz

Fix a bug in ZLIB_DEBUG compiles in check_match()

zlib 1.3 Release Notes

August 18, 2023

Version 1.3 has these key changes:

Building using K&R (pre-ANSI) function definitions is no longer supported.

Fixed a bug in deflateBound() for level 0 and memLevel 9.

Fixed a bug when gzungetc() is used immediately after gzopen().

Fixed a bug when using gzflush() with a very small buffer.

Fixed a crash when gzsetparams() is attempted for a transparent write.

Fixed test/example.c to work with FORCE_STORED.

Fixed minizip to allow it to open an empty zip file.

Fixed reading disk number start on zip64 files in minizip.

Fixed a logic error in minizip argument processing.

zlib 1.2.13 release notes

October 13, 2022

Version 1.2.13 has these key updates:

Fix a bug when getting a gzip header extra field with inflateGetHeader(). This remedies CVE-2022-37434.
Fix a bug in block type selection when Z_FIXED used. Now the smallest block type is selected, for better compression.
Fix a configure issue that discarded the provided CC definition.
Correct incorrect inputs provided to the CRC functions. This mitigates a bug in Java.
Repair prototypes and exporting of the new CRC functions.
Fix inflateBack to detect invalid input with distances too far.

Due to the first bug fix, any installations of 1.2.12 or earlier should be replaced with 1.2.13.

Provide feedback