Hello capnproto-announce,
Three security flaws have been found in Cap'n Proto that could allow denial of service and possibly exfiltration of memory. If you use the Cap'n Proto C++ implementation to process messages from possibly-malicious sources, you should update immediately to one of the following releases:
We have implemented a number of preventative measures that should catch these kinds of bugs in the future, including multiple kinds of fuzz testing as well as template-metaprogramming-based static analysis. Please read the blog post for details:
https://capnproto.org/news/2015-03-02-security-advisory-and-integer-overflow-protection.html
Thanks to Ben Laurie for reporting two of the problems and American Fuzzy Lop for finding them. (The third problem was found through our new static analysis.)
-Kenton