The vulnerability
Since 30 March, a security vulnerability that has existed for 17 years in the widely used zlib library has received increased attention. The problem can occur when compressing (not decompressing) specially prepared data. An attacker must therefore get the affected system to compress this data.
Are regify products affected?
Yes, regify products also use zlib in various places. Below we list the affected products, our assessment of the severity of the issue, and further information:
Product | Severity | Information |
regify provider | Medium | With the update to regify Provider 5.2.0, the security issue will be resolved (release date is April 2022). |
regigate | Medium | With the update to regigate 5.2.0, the security issue will be resolved (release date is April 2022). |
regify Client (Windows, macOS, Linux) | Low | Currently there is no high risk and we see no immediate need for action. A risk might exist for senders if they were to send a specially prepared file via regimail (which is very unlikely). |
regify Client for mobile | Low | Currently there is no high risk and we see no immediate need for action. A risk might exist for senders if they were to send a specially prepared file via regimail (which is very unlikely). |
regibill Desktop, regipay Desktop and regimail Desktop | Low | Currently there is no high risk and we see no immediate need for action. A risk might exist for senders if they were to send a specially prepared file via regify Desktop (which is very unlikely). |
regibox Manager (all OS) | No Risk | The regibox software does not support compression of user data and is therefore not affected. |
regiboxd (all OS) | No Risk | The regiboxd software does not support compression of user data and is therefore not affected. |
regipay Client (all OS) | No Risk | The regipay client software does not support compression of user data and is therefore not affected. |