https://bz.apache.org/bugzilla/show_bug.cgi?id=69867
--- Comment #4 from Jacobo Aragunde PĂ©rez <[email protected]> --- Hi again, sorry it took a while to get back to this topic. I agree with encouraging users who are e.g. running a service that processes documents which origin they don't control, to do their own checks. Still, they would have to lower (or make 0) the MIN_INFLATE_RATIO to be able to process a document with POI if it triggers a false positive. MIN_INFLATE_RATIO is a public static attribute and will have effects anywhere that attribute might be used and even in other running threads, which sounds a bit scary. I would like to add a bit of code to check the compressed size reported by the ZipArchiveEntry for the situations when we have that information. We already have an `entry` attribute we can use for that. I sent a PR to show what I mean: https://github.com/apache/poi/pull/1027 -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
