Author: bodewig
Date: Tue Jul 13 03:58:57 2021
New Revision: 48802
Log:
update release notes
Modified:
release/commons/compress/RELEASE-NOTES.txt
Modified: release/commons/compress/RELEASE-NOTES.txt
==============================================================================
--- release/commons/compress/RELEASE-NOTES.txt (original)
+++ release/commons/compress/RELEASE-NOTES.txt Tue Jul 13 03:58:57 2021
@@ -10,10 +10,11 @@ Release 1.21
Compress 1.21 is the first release to require Java 8 to build and run.
-SevenZFileOptions has a new setting that needs to be enabled explicity
-if SevenZFile should try to recover broken archives - a feature
-introduced with Commons Compress 1.19. This is a breaking change if
-you relied on the recovery attempt.
+SevenZFileOptions has a new setting that needs to be enabled
+explicitly if SevenZFile should try to recover broken archives - a
+feature introduced with Commons Compress 1.19. This is a breaking
+change if you relied on the recovery attempt. The change was made to
+detect broken archives sooner, and to mitigate the OOM exploit.
Several formats now throw IOExceptions when reading broken archives or
streams that would have caused arbitrary RuntimeExceptions in earlier
