coheigea edited a comment on pull request #4314:
URL: https://github.com/apache/camel/pull/4314#issuecomment-701274914


   @oscerd  Done.
   @bedlaj 1GB is admittedly arbitrary - I just chose it as it seems unlikely 
to me for most use-cases that one will be uncompressing to a size > 1GB. 
Agreed about having to update the migration guide if this change is accepted. I 
fixed the Checkstyle issue, thanks.
   @davsclaus The problem is that with one of the files here 
(https://www.bamsoftware.com/hacks/zipbomb/) it can potentially unzip to 4.5 
PB, so spooling to disk won't help. I don't really mind disabling the default 
limit, but then this is not "secure by default". Would a higher limit of say 
10GB be more acceptable? Let me know + I'll change it to whatever you suggest.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
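
The size limit discussed in the comment above only holds if it counts the bytes actually inflated rather than the sizes declared in the archive. The sketch below is an added example, not code from the pull request or from Camel; the class `BoundedUnzip`, the helper `inflateWithLimit` and the small limits are assumptions for illustration, and the sample archive is constructed in memory (Java 11+).

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class BoundedUnzip {
    // Hypothetical helper (not Camel API): copies every entry to 'out' and aborts as
    // soon as the bytes actually inflated exceed maxBytes. Sizes declared in the zip
    // headers are never consulted, because the archive's author controls them.
    static long inflateWithLimit(InputStream zipped, OutputStream out, long maxBytes) throws IOException {
        long total = 0;
        byte[] buf = new byte[8192];
        try (ZipInputStream zis = new ZipInputStream(zipped)) {
            while (zis.getNextEntry() != null) {
                int n;
                while ((n = zis.read(buf)) != -1) {
                    total += n;
                    // Check before writing, so the overflowing chunk never reaches memory or disk.
                    if (total > maxBytes) {
                        throw new IOException("Decompressed size exceeds limit of " + maxBytes + " bytes");
                    }
                    out.write(buf, 0, n);
                }
            }
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 8 MiB of zero bytes, which deflates to a few KiB.
        ByteArrayOutputStream archive = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(archive)) {
            zos.putNextEntry(new ZipEntry("zeros.bin"));
            byte[] chunk = new byte[1 << 20];
            for (int i = 0; i < 8; i++) zos.write(chunk);
            zos.closeEntry();
        }
        byte[] zip = archive.toByteArray();
        long ok = inflateWithLimit(new ByteArrayInputStream(zip), OutputStream.nullOutputStream(), 16L << 20);
        System.out.println(zip.length + " compressed bytes inflated to " + ok + " bytes under a 16 MiB limit");
        try {
            inflateWithLimit(new ByteArrayInputStream(zip), OutputStream.nullOutputStream(), 1L << 20);
        } catch (IOException e) {
            System.out.println("rejected under a 1 MiB limit: " + e.getMessage());
        }
    }
}
```

The budget here is cumulative across all entries, so an archive with many medium-sized entries is stopped at the same threshold as one with a single huge entry.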

