At present, the zlib docs say:
"1.1.3 has a security vulnerability, so we recommend
using 1.1.4 or later."
http://docs.python.org/lib/module-zlib.html
But, the zlib home page says:
"Version 1.2.2 eliminates a potential security
vulnerability in zlib 1.2.1, so all users of 1.2.1
should upgrade immediately. The following important
fixes are provided in zlib 1.2.2"
http://www.gzip.org/zlib/
So, I suggest the text of the Python docs should be
altered to read:
Version 1.2.1 has a security vulnerability, so we
recommend using 1.2.2 or later.
NB I only know what I read on the zlib home page, so
I've no particuliar domain knowledge.
While I am at it, the docs for both zlib and
zipfile.Zipfile could be a bit more explicit that zlib
is a 3rd party module not included with Python and
unlikely to present on a Windows box. I suggest that
the current zlib docs
"For applications that require data compression, the
functions in this module allow compression and
decompression, using the zlib library. The zlib library
has its own home page at http://www.gzip.org/zlib/."
http://docs.python.org/lib/module-zlib.html
be changed to:
For applications that require data compression, the
functions in this module allow compression and
decompression, using the third-party zlib library. The
zlib library can be downloaded from
http://www.gzip.org/zlib/.
and the Zipfile docs:
"If ZIP_DEFLATED is specified but the zlib module is
not available, RuntimeError is also raised."
http://docs.python.org/lib/zipfile-objects.html
be changed to:
If ZIP_DEFLATED is specified and the third-party zlib
module is not available, RuntimeError is also raised.
Thanks, and best,
Brian vdB
|