I'm fine with using ZipFile directly internally in SWSSFWorkbook. A quick look did not reveal any glaring security problem with doing this. We mostly prevent denial-of-service types of attacks here so if a malicious user can overwrite the temporary file he can do lots of other bad things anyway...
Dominik. On Tue, Jun 21, 2016 at 12:18 AM, Javen O'Neal <[email protected]> wrote: > On Jun 20, 2016 2:41 PM, "Axel Howind" <[email protected]> wrote: > > How should I submit a patch? > > Once there is consensus on how POI should handle this, open a new bug that > "depends on" bug 58499. >
