The openNURBS 7 and openNURBS 6 toolkit uses zlib version 1.2.3. Our tool reported zlib 1.2.3 as vulnerable.
The most recent version of zlib.available on “https://zlib.net/” is 1.2.11. Are there any plans to move to move to zlib version 1.2.11 in openNURBS 7.0?
Upgrading the version of zlib used by openNURBS will require a lot of careful backward compatibility testing. We have millions of compressed meshes in existing 3dm data sets.
Hi @dale, if I remember correctly the issue is that earlier versions of zlib don’t have all of the symbols decorated with the Z_PREFIX macro. I believe ZLIB 1.2.11 fixes most but not all of these. I have an old branch on GitHub where I tried fixing these up and was able to link a static version of ZLIB:
That branch also adds CMake support for opennurbs; would there be any interest in merging that if I submitted a PR?
There is no tentative release schedule for Rhino 8. We just release Rhino 7 back in November. Rhino 6 was released two years prior to that, just for some perspective.
Currently we use openNURBS 5 (as a DLL) to read Rhino models. We built openNURBS 5 DLL with Microsoft Visual Studio 2010 SP1. But, it is dependent on vulnerable Microsoft runtime DLL “msvcr100.dll”.
So, we are planning to build openNURBS 5 with Microsoft Visual Studio 2019 (Update 7) for now. Is that fine?
Initially we planned to move to openNURBS 7, but, it looks like there is a major change in openNURBS 6/7 architecture. So, we have to rewrite import code that would take considerable time.
So, for now we are planning to compile openNURBS 5 with Visual Studio 2019.
I doubt anyone here (at McNeel) has tried building openNURBS 5 with Visual C++ 2019. Let us know if you run into any issues.
Certainly, this is your decision. My guess is that most if our customers are using newer versions of Rhino. Thus, you won’t be able to read .3dm files from them.