Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2020/09/30 09:31:50 UTC

[GitHub] [camel] coheigea edited a comment on pull request #4314: CAMEL-15591 - Put a configurable limit on the size of unzipped data u…

coheigea edited a comment on pull request #4314:
URL: https://github.com/apache/camel/pull/4314#issuecomment-701274914


   @oscerd  Done.
   @bedlaj 1GB is admittedly arbitrary - I just chose it as it seems unlikely to me for most use-cases that one will be uncompressing to a size > 1GB. Agreed about having to update the migration guide if this change is accepted. I fixed the Checkstyle issue, thanks.
   @davsclaus The problem is that with one of the files here (https://www.bamsoftware.com/hacks/zipbomb/) it can potentially unzip to 4.5 PB, so spooling to disk won't help. I don't really mind disabling the default limit, but then this is not "secure by default". Would a higher limit of say 10GB be more acceptable? Let me know + I'll change it to whatever you suggest.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
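
An added example, not code from the Camel pull request: one way to enforce a cap on unzipped size in Java by counting bytes as they are inflated, so the stream is rejected before the full output is ever produced or spooled. The class name, the `copyBounded` helper and the 1 MiB demo limit are assumptions for illustration; the limit here applies per entry.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class BoundedUnzip {

    // Copies the current entry to out, failing once more than maxBytes have been inflated.
    // The count is of bytes actually produced; the size declared in the zip header is
    // controlled by whoever built the archive and is not consulted.
    static long copyBounded(InputStream in, OutputStream out, long maxBytes) throws IOException {
        byte[] buf = new byte[8192];
        long total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            total += n;
            if (total > maxBytes) {
                throw new IOException("Unzipped data exceeds limit of " + maxBytes + " bytes");
            }
            out.write(buf, 0, n);
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 16 MiB of zero bytes, which deflates to a tiny fraction of that size.
        ByteArrayOutputStream zipped = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(zipped)) {
            zos.putNextEntry(new ZipEntry("zeros.bin"));
            byte[] chunk = new byte[1 << 20];
            for (int i = 0; i < 16; i++) {
                zos.write(chunk);
            }
            zos.closeEntry();
        }
        System.out.println("compressed size: " + zipped.size() + " bytes");

        long limit = 1L << 20; // hypothetical 1 MiB cap for the demo
        try (ZipInputStream zis = new ZipInputStream(new ByteArrayInputStream(zipped.toByteArray()))) {
            zis.getNextEntry();
            copyBounded(zis, new ByteArrayOutputStream(), limit);
            System.out.println("entry accepted");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```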