You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "PJ Fanning (JIRA)" <ji...@apache.org> on 2018/03/04 19:41:00 UTC
[jira] [Created] (COMPRESS-445) Zip Bomb Detection
PJ Fanning created COMPRESS-445:
-----------------------------------
Summary: Zip Bomb Detection
Key: COMPRESS-445
URL: https://issues.apache.org/jira/browse/COMPRESS-445
Project: Commons Compress
Issue Type: Improvement
Components: Archivers
Reporter: PJ Fanning
It would be a nice feature if ZipFile had support for detecting Zip Bombs.
Apache Poi has an implementation based on the java util ZipFile but this relies on Reflection and changes in Java 10 mean this code will not work in that version.
[https://github.com/apache/poi/blob/trunk/src/ooxml/java/org/apache/poi/openxml4j/util/ZipSecureFile.java]
One option would be to add equivalent change support in commons-compress and for Poi to use the commons version.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)