PJ Fanning created COMPRESS-445:
-----------------------------------
Summary: Zip Bomb Detection
Key: COMPRESS-445
URL: https://issues.apache.org/jira/browse/COMPRESS-445
Project: Commons Compress
Issue Type: Improvement
Components: Archivers
Reporter: PJ Fanning
It would be a nice feature if ZipFile had support for detecting Zip Bombs.
Apache Poi has an implementation based on the java util ZipFile but this relies
on Reflection and changes in Java 10 mean this code will not work in that
version.
[https://github.com/apache/poi/blob/trunk/src/ooxml/java/org/apache/poi/openxml4j/util/ZipSecureFile.java]
One option would be to add equivalent change support in commons-compress and
for Poi to use the commons version.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
