-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[Re-Sending with fixed subject, sorry]
The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.19.
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
This release is mostly a bugfix release, for a full list of changes see
below.
ZipArchiveInputStream and ZipFile will no longer throw an exception if
an extra field generally understood by Commons Compress is malformed
but rather turn them into UnrecognizedExtraField instances. You can
influence the way extra fields are parsed in more detail by using the
new getExtraFields(ExtraFieldParsingBehavior) method of
ZipArchiveEntry now.
Some of the ZIP extra fields related to strong encryption will now
throw ZipExceptions rather than ArrayIndexOutOfBoundsExceptions in
certain cases when used directly. There is no practical difference
when they are read via ZipArchiveInputStream or ZipFile.
Source and binary distributions are available for download from the
Apache Commons download site:
https://commons.apache.org/proper/commons-compress/download_compress.cgi
When downloading, please verify signatures using the KEYS file available
at the above location when downloading the release.
Changes in this version include:
New features:
o It is now possible to skip parsing of local file headers when
using ZipFile which may speed up reading the archive at the
cost of potentially missing important information. See the
javadocs of the ZipFile class for details.
Issue: COMPRESS-466.
o TarArchiveInputStream has a new constructor-arg lenient that
can be used to accept certain broken archives.
Issue: COMPRESS-469.
o ArjArchiveEntry and SevenZArchiveEntry now implement hashCode
and equals.
Issue: COMPRESS-475.
o Added a MultiReadOnlySeekableByteChannel class
that can be used to concatenate the parts of a multi volume 7z
archive so that SevenZFile can read them.
Issue: COMPRESS-231.
Thanks to Tim Underwood.
Fixed Bugs:
o ZipArchiveInputStream could forget the compression level has
changed under certain circumstances.
o Fixed another potential resource leak in
ParallelScatterZipCreator#writeTo.
Issue: COMPRESS-470.
o ArArchiveInputStream could think it had hit EOF prematurely.
Github Pull Request #74.
Thanks to Alex Bertram.
o Throw IOException rather than RuntimeExceptions for certain
malformed LZ4 or Snappy inputs.
Issue: COMPRESS-490.
o ZipArchiveInputStream failed to read stored entries with a
data descriptor if the data descriptor didn't use the
signature invented by InfoZIP.
Issue: COMPRESS-482.
Changes:
o SevenZFile now provides a way to cap memory consumption for
LZMA(2) compressed content.
Github Pull Request #76.
Issue: COMPRESS-481.
Thanks to Robin Schimpf.
o The ARJ package has been updated to contain constants for more
recent specifications.
Issue: COMPRESS-464.
Thanks to Rostislav Krasny.
o Update optional library zstd-jni from 1.3.3-3 to 1.4.0-1.
Issue: COMPRESS-484.
o ParallelScatterZipCreator now writes the entries to the
gathered output in the same order they have been added.
Github Pull Requests #78 and #79.
Issue: COMPRESS-485.
Thanks to Hervé Boutemy, Tibor Digana.
o The Expander and Archive example classes can leak resources
they have wrapped around passed in streams or channels. The
methods consuming streams and channels have been adapted to
give the calling code a chance to deal with those wrapper
resources.
Issue: COMPRESS-486.
o ZipArchiveInputStream and ZipFile no longer assume Commons
Compress would understand extra fields better than the writer
of the archive and silently turn extra fields that Commons
Compress should understand into UnrecognizedExtraFields if
parsing said fields fails.
It is now possible to take more control over the extra field
parsing process with a new overload of
ZipArchiveEntry#getExtraFields.
Issue: COMPRESS-479.
o ZipArchiveInputStream will now throw an exception if reading a
stored entry with a data descriptor and the data descriptor
doesn't match what it has actually read.
The most common case for a situation like this is a stored ZIP
archive inside of the archive ZipArchiveInputStream currently
reads. In such a case ZipArchiveInputStream would happily
extract the contained archive and stop once the central
directory of the inner archive has been hit. This is a case
where ZipArchiveInputStream simply can not be used and only
ZipFile is able to read the archive.
The only other explanation is a broken archive. So the
exception prevents users from thinking they had successfully
read the contents of the archive.
Issue: COMPRESS-483.
o The 7zip tools provide a default name for archive entries
without name;
