PJ Fanning created COMPRESS-445: ----------------------------------- Summary: Zip Bomb Detection Key: COMPRESS-445 URL: https://issues.apache.org/jira/browse/COMPRESS-445 Project: Commons Compress Issue Type: Improvement Components: Archivers Reporter: PJ Fanning
It would be a nice feature if ZipFile had support for detecting Zip Bombs. Apache Poi has an implementation based on the java util ZipFile but this relies on Reflection and changes in Java 10 mean this code will not work in that version. [https://github.com/apache/poi/blob/trunk/src/ooxml/java/org/apache/poi/openxml4j/util/ZipSecureFile.java] One option would be to add equivalent change support in commons-compress and for Poi to use the commons version. -- This message was sent by Atlassian JIRA (v7.6.3#76005)