sahvx655-wq opened a new pull request, #516: URL: https://github.com/apache/felix-dev/pull/516
This PR prevents Zip Slip / Path Traversal issues during ZIP and JAR archive extraction by validating archive entry paths before writing files to disk. Entries that would resolve outside the intended extraction directory are rejected, ensuring extraction remains confined to the target location. In addition to the implementation changes, regression tests have been added to verify that malicious archives containing traversal entries (for example, `../../evil.txt`) are rejected and cause extraction to fail safely.
