https://bz.apache.org/bugzilla/show_bug.cgi?id=58499
--- Comment #6 from Javen O'Neal <one...@apache.org> --- The main purpose of the zip bomb detection is to safely handle untrusted input. Since a workbook that has already been fully read into memory has passed the safety test, I suppose you could consider it quasi-safe with regard to writing it back out. If you can't think of a way that a latent zip bomb could unwrap itself while writing the workbook that wasn't a result of poor (trusted) code, then I would agree with removing this limit when writing. Not being a security expert, the safer option is to set different read and write limits. Let's continue the discussion on the POI dev mailing dev@poi.apache.org. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
