Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2020/09/30 11:31:56 UTC

[GitHub] [camel] bedlaj commented on pull request #4314: CAMEL-15591 - Put a configurable limit on the size of unzipped data u…

bedlaj commented on pull request #4314:
URL: https://github.com/apache/camel/pull/4314#issuecomment-701332508


   Thanks for mentioning zip bombs. I was not thinking about this attack vector while reviewing this PR. Still not sure if there is any magic default value which will be secure on all platforms. Maybe another option would be computing the compression ratio on the fly while decompressing and throwing an exception when it is going to exceed the configured max compression ratio. E.g. a ratio of 50 or 100 might be a reasonable default.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
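
The on-the-fly ratio check suggested in the comment above, as an added example that is not part of the original message or of the Camel code base. It uses only `java.util.zip`; the class names, the 64 KiB grace threshold and the sample inputs are assumptions made for illustration, and the limit of 100 is the value floated in the comment.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Random;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.InflaterInputStream;
public class RatioLimitDemo {
    /** Hypothetical wrapper: aborts once bytes out / bytes in exceeds maxRatio. */
    static class RatioLimitedInflaterStream extends InflaterInputStream {
        private final long maxRatio;
        private final long graceBytes; // outputs below this size are not judged by ratio
        RatioLimitedInflaterStream(InputStream in, long maxRatio, long graceBytes) {
            super(in); // default Inflater, released by close()
            this.maxRatio = maxRatio;
            this.graceBytes = graceBytes;
        }
        @Override
        public int read(byte[] b, int off, int len) throws IOException {
            int n = super.read(b, off, len);
            long produced = inf.getBytesWritten();           // decompressed bytes so far
            long consumed = Math.max(1, inf.getBytesRead()); // compressed bytes so far
            if (produced > graceBytes && produced / consumed > maxRatio) {
                throw new IOException("ratio " + produced / consumed + " exceeds limit " + maxRatio);
            }
            return n;
        }
    }
    /** Drains the stream in 8 KiB chunks, so a bomb is stopped after little output. */
    static long inflateAll(byte[] compressed, long maxRatio) throws IOException {
        byte[] buf = new byte[8192];
        long total = 0;
        try (InputStream in = new RatioLimitedInflaterStream(
                new ByteArrayInputStream(compressed), maxRatio, 64 * 1024)) {
            for (int n; (n = in.read(buf)) != -1; ) total += n;
        }
        return total;
    }
    static byte[] deflate(byte[] raw) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (DeflaterOutputStream d = new DeflaterOutputStream(out)) { d.write(raw); }
        return out.toByteArray();
    }
    public static void main(String[] args) throws IOException {
        byte[] random = new byte[200_000]; // constructed sample: incompressible data
        new Random(1).nextBytes(random);
        System.out.println("ordinary input: " + inflateAll(deflate(random), 100) + " bytes");
        try { inflateAll(deflate(new byte[10_000_000]), 100); } // constructed sample: all zeros
        catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the check runs on every read, the all-zero input is rejected shortly after the grace threshold is crossed rather than after the full 10 MB has been inflated. A ratio limit complements an absolute size cap rather than replacing it, since a large input with a modest ratio still produces a large output.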