dave2wave commented on issue #341: URL: https://github.com/apache/tooling-trusted-releases/issues/341#issuecomment-3572435515
For projects that handle document formats that are based zip file systems like all modern Office documents Zip Bombs and XML Entity Expansion have been a major security issue and have required numerous CVEs over the years. Any file uploaded to ATR that has a zip bomb may lead to DOS issue on server capacity. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
