Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 416670

Summary: Need to validate zip entry names and entry size to prevent zip poisoning
Product: [ECD] Orion Reporter: Simon Kaegi <simon_kaegi>
Component: ServerAssignee: Simon Kaegi <simon_kaegi>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: john.arthorne
Version: 3.0   
Target Milestone: 4.0 M2   
Hardware: PC   
OS: Windows 7   
Whiteboard:

Description Simon Kaegi CLA 2013-09-05 16:29:55 EDT 
We should ensure that both:
1) a zip entry name does not target a location above where we're unzipping
2) ensure individual zip entries are not excessively large
Comment 1 Simon Kaegi CLA 2013-09-09 16:23:59 EDT 
.