Giters

OpenAS2 / OpenAs2App

OpenAS2 is a java-based implementation of the EDIINT AS2 standard. It is intended to be used as a server. It is extremely configurable and supports a wide variety of signing and encryption algorithms.

Home Page:https://sourceforge.net/projects/openas2/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Overlapping Zipped Files creates a Zib-Bomb Warning

igwtech opened this issue · comments

commented

OpenAs2App/Server/pom.xml

Line 110 in 9151132

<zipfileset dir="${package.assembly.dir}" encoding="UTF-8"

This ant-run command creates a Zip file with overlapping files which creates a warning of a Zip-Bomb situation while unpacking.
I suggest it gets reversed

commented

The problem is the "basedir" attribute on the <zip> element which is effectively adding a <fileset> element for all files then the embedded 2 duplicate that but with the permisions set correctly.
I will remove it for the next release.

commented

Fixed in 3.2.1