bedlaj commented on pull request #4314:
URL: https://github.com/apache/camel/pull/4314#issuecomment-701332508


   Thanks for mentioning zip bombs. I was not thinking about this attack vector 
while reviewing this PR. Still not sure if there is any magic default value 
which will be secure on all platforms. Maybe another option would be computing 
the compression ratio on the fly while decompressing and throwing an exception 
when it is going to exceed a configured max compression ratio. E.g. a ratio of 
50 or 100 might be a reasonable default. 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
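
The ratio check suggested in the comment above, as an added example that is not code from the pull request or from Camel: it inflates a plain zlib stream with `java.util.zip.Inflater` and aborts once output bytes divided by consumed input bytes exceeds the limit. The class name, the `inflate`/`deflate` helpers and the sample inputs are hypothetical; the limit of 100 is the value floated in the comment.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.zip.DataFormatException;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.Inflater;

public class RatioLimitedInflate {
    // Hypothetical helper, not a Camel API: fail once output bytes / consumed input bytes exceeds maxRatio.
    static byte[] inflate(byte[] compressed, long maxRatio) throws IOException, DataFormatException {
        Inflater inflater = new Inflater();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        try {
            inflater.setInput(compressed);
            while (!inflater.finished()) {
                int n = inflater.inflate(buf);
                if (n == 0 && (inflater.needsInput() || inflater.needsDictionary())) {
                    throw new IOException("Truncated or unsupported zlib stream");
                }
                // Checked after every chunk, so at most one buffer is inflated past the limit.
                if (inflater.getBytesWritten() > maxRatio * Math.max(1L, inflater.getBytesRead())) {
                    throw new IOException("Compression ratio limit " + maxRatio + " exceeded after "
                            + inflater.getBytesWritten() + " bytes of output");
                }
                out.write(buf, 0, n);
            }
            return out.toByteArray();
        } finally {
            inflater.end(); // release native zlib memory even when aborting
        }
    }

    static byte[] deflate(byte[] raw) throws IOException { // builds the constructed sample inputs
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (DeflaterOutputStream z = new DeflaterOutputStream(out)) {
            z.write(raw);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] text = "GET /orders/42 HTTP/1.1 host=example.test".getBytes(StandardCharsets.UTF_8); // constructed
        System.out.println("text: " + inflate(deflate(text), 100).length + " bytes");
        try {
            inflate(deflate(new byte[10 * 1024 * 1024]), 100); // constructed: 10 MiB of zeros
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the ratio is measured against input consumed so far, a legitimate stream that starts with a long highly compressible run can trip the limit early even if its overall ratio is modest.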

