XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.17
    • Component/s: Archivers, Compressors
    • Labels:
      None

      Description

      It would be a nice feature if ZipFile had support for detecting Zip Bombs.

      Apache Poi has an implementation based on the java util ZipFile but this relies on Reflection and changes in Java 10 mean this code will not work in that version.

      https://github.com/apache/poi/blob/trunk/src/ooxml/java/org/apache/poi/openxml4j/util/ZipSecureFile.java

      One option would be to add equivalent change support in commons-compress and for Poi to use the commons version.

        Attachments

        1. InputStreamStatistics.patch.gz
          12 kB
          Andreas Beeker

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              pj.fanning PJ Fanning
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: