You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@poi.apache.org by bu...@apache.org on 2015/06/20 17:39:26 UTC
[Bug 50090] 'zip' bomb prevention
https://bz.apache.org/bugzilla/show_bug.cgi?id=50090
--- Comment #3 from Andreas Beeker <ki...@apache.org> ---
Created attachment 32839
--> https://bz.apache.org/bugzilla/attachment.cgi?id=32839&action=edit
[Patch] Zip bomb patch
Here is my zip bomb patch.
I had to reflect into the ZipFile class to get to the raw bits,
which might be a problem with Java 9.
Furthermore there might be a slight decrease in OOXML processing performance,
which I haven't profiled.
Should there be an option to bypass the new handling?
If nobody complaints, I'll apply the patch on 24.06.2015 and check the jenkins
results for other runtimes.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org