Dear GNUPlot-Team,
During a recent security assessment of the GNUPlot installation on Windows, we identified that an outdated version of the libexpat library is currently in use. The assessment was performed against GNUPlot version 6.0.4. Specifically, dependency analysis and direct version inspection of the included DLL file revealed that GNUPlot ships with libexpat-1.dll version 2.2.9.
This version of libexpat is no longer up to date and may contain vulnerabilities that have been addressed in more recent releases. The use of outdated third-party libraries can introduce potential security risks, particularly in components responsible for parsing structured data such as XML.
We kindly ask you to verify this finding and assess whether the reported version is indeed still being distributed as part of the Windows build. If confirmed, we recommend updating the bundled libexpat library to a more recent and supported version in order to reduce potential security exposure and align with current best practices for dependency management.
Thank you in advance for your review and consideration.
Ticket moved from /p/gnuplot/bugs/2870/
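One way to confirm the reported libexpat version directly from the DLL bytes, independent of the file's version resource (an added example, not part of the original ticket or of GNUPlot's code). The minimum acceptable version is supplied by the caller because the ticket names none, and `SAMPLE` is a constructed stand-in for a real DLL image.

```python
import re
import sys
from pathlib import Path

# XML_ExpatVersion() returns a literal such as "expat_2.2.9", so the banner
# is present in the compiled DLL and can be read without loading the library.
BANNER = re.compile(rb"expat_(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\d)")

# Constructed sample: a few header-like bytes followed by the banner string.
SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"expat_2.2.9\x00" + b"\xff" * 8


def expat_versions(blob):
    """Return the sorted distinct (major, minor, micro) banners in a blob."""
    found = set()
    # The blob itself covers narrow builds; the two strides cover UTF-16LE
    # banners (wide-character builds) at either byte alignment.
    for view in (blob, blob[0::2], blob[1::2]):
        for match in BANNER.finditer(view):
            found.add(tuple(int(g) for g in match.groups()))
    return sorted(found)


def audit(blob, minimum):
    """Classify a DLL image as 'unknown', 'outdated' or 'ok' against minimum."""
    versions = expat_versions(blob)
    if not versions:
        # Stripped banner or not libexpat at all: never report this as ok.
        return "unknown", None
    oldest = versions[0]
    return ("outdated" if oldest < minimum else "ok"), oldest


if __name__ == "__main__":
    # Usage: python check_expat.py <path to libexpat-1.dll> <minimum X.Y.Z>
    path = sys.argv[1]
    minimum = tuple(int(part) for part in sys.argv[2].split("."))
    status, version = audit(Path(path).read_bytes(), minimum)
    print(path, status, version)
    sys.exit(0 if status == "ok" else 1)
```

The non-zero exit code for `outdated` and `unknown` lets the check gate a packaging or CI step for the Windows build.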