osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ANN] Apache Commons Compress 1.18 Released


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Apache Commons Team is pleased to announce the release of Apache
Commons Compress 1.18.

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

This release is a bugfix release. One of the changes to the ZIP
package fixes a flaw that can be exploited as a denial of service
attack, see the separate announcment mail.

Source and binary distributions are available for download from the
Apache Commons download site:

http://commons.apache.org/proper/commons-compress/download_compress.cgi

When downloading, please verify signatures using the KEYS file available
at the above location when downloading the release.

Changes in this version include:

Release 1.18
- ------------

New features:
o It is now possible to specify the arguments of zstd-jni's
  ZstdOutputStream constructors via Commons Compress as well.
  Issue: COMPRESS-460.
  Thanks to Carmi Grushko.

Fixed Bugs:
o The example Expander class has been vulnerable to a path
  traversal in the edge case that happens when the target
  directory has a sibling directory and the name of the target
  directory is a prefix of the sibling directory's name.
  Thanks to Didier Loiseau.
o Changed the OSGi Import-Package to also optionally import
  javax.crypto so encrypted archives can be read.
  Issue: COMPRESS-456.
o Changed various implementations of the close method to better
  ensure all held resources get closed even if exceptions are
  thrown during the closing the stream.
  Issue: COMPRESS-457.
o ZipArchiveInputStream can now detect the APK Signing Block
  used in signed Android APK files and treats it as an "end of
  archive" marker.
  Issue: COMPRESS-455.
o The cpio streams didn't handle archives using a multi-byte
  encoding properly.
  Issue: COMPRESS-459.
  Thanks to Jens Reimann.
o ZipArchiveInputStream#read would silently return -1 on a
  corrupted stored entry and even return > 0 after hitting the
  end of the archive.
  Issue: COMPRESS-463.
o ArArchiveInputStream#read would allow to read from the stream
  without opening an entry at all.
  Issue: COMPRESS-462.

For complete information on Commons Compress, including instructions
on how to submit bug reports, patches, or suggestions for improvement,
see the Apache Commons Compress website:

http://commons.apache.org/compress/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlt1b+sACgkQohFa4V9ri3K6MgCcDFoRN+INIVuz6vv+zoHvPfG2
K70AoI+rzG6+LrmlEUfxZXc8L0leOlXd
=ZVA5
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxxxx