Agreed, too early.
No need to make it more complex:
Suggestion:
- First phase: put some notes in Javadoc about this. I'll be happy to
suggest / draft a PR. Adding to javadoc should be uncontroversial and
immediately implementable. Right?
- Second phase: More thorough analysis: How can the JD
On 23/04/2025 09:24, Lars Bruun-Hansen wrote:
:
There is also a security angle: Spoofing file names in ZIP files
is a common technique. Some implementations takes cautionary
steps on this. For example, the Windows Explorer's ZIP reader
simply will not show entries which start with ".." or ".".
W
I would like to propose a strengthening of the security posture
of the ZIP file implementation.
The java.util.zip implementation is, according to the package docs,
based on the Info-ZIP specification [1] which itself states to be based
on PKWARE's appnote.txt [2]. The latter is probably considered
