[Insight-developers] Itkzlib stuck at version 1.1.4?
Sean McBride
sean at rogue-research.com
Thu Jul 19 11:20:49 EDT 2007
On 7/18/07 5:57 PM, Luis Ibanez said:
>To my knowledge, there is no particular reason why we are sticking to
>zlib 1.1.4. Being pragmatic, it takes a certain amount of effort to update
>the libraries, so we usually wait until there is a compelling reason for
>updating.
>
>The more ITK gets used in clinical applications, the more careful we should
>be when updating components. This actually discourage us from continuously
>updating all the third party libraries, since these update bring
>uncertainty,
>and sometimes they raise backward compatibility issues.
All true, and all important. OTOH, new versions often bring security
fixes, which are also important in clinical applications.
A quick search of 'zlib' here gives quite a few known security-related
problems:
<http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=zlib>
CVE-2003-0107 looks like it could apply to ITK.
The current zlib is 1.2.3, released 2 years ago yesterday. My guess is
it stable.
--
____________________________________________________________
Sean McBride, B. Eng sean at rogue-research.com
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada
More information about the Insight-developers
mailing list