You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "PJ Fanning (JIRA)" <ji...@apache.org> on 2018/03/04 19:41:00 UTC

[jira] [Created] (COMPRESS-445) Zip Bomb Detection

PJ Fanning created COMPRESS-445:
-----------------------------------

             Summary: Zip Bomb Detection
                 Key: COMPRESS-445
                 URL: https://issues.apache.org/jira/browse/COMPRESS-445
             Project: Commons Compress
          Issue Type: Improvement
          Components: Archivers
            Reporter: PJ Fanning


It would be a nice feature if ZipFile had support for detecting Zip Bombs.

Apache Poi has an implementation based on the java util ZipFile but this relies on Reflection and changes in Java 10 mean this code will not work in that version.

[https://github.com/apache/poi/blob/trunk/src/ooxml/java/org/apache/poi/openxml4j/util/ZipSecureFile.java]

One option would be to add equivalent change support in commons-compress and for Poi to use the commons version.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)