[GitHub] [geronimo-batchee] raboof commented on pull request #12: [SECURITY] Fix Zip Slip Vulnerability

2022-11-08 Thread GitBox
raboof commented on PR #12: URL: https://github.com/apache/geronimo-batchee/pull/12#issuecomment-1306969667

> Does this need a CVE assigned to it?

This is up to the Apache Geronimo team to decide. It is not clear to me whether the zip files processed here are assumed to come from

[GitHub] [geronimo-batchee] rmannibucau commented on pull request #12: [SECURITY] Fix Zip Slip Vulnerability

2022-11-08 Thread GitBox
rmannibucau commented on PR #12: URL: https://github.com/apache/geronimo-batchee/pull/12#issuecomment-1307129384

Theoretically from anywhere, but it should really come from a trusted source (same as the webapps/ folder of Tomcat, if you are more familiar with it). There is also a pending