=== on 24 May 2018, 13:51:37 Alexandre Gigleux wrote:
Related and not fully linked to this RSPEC

Using https://commons.apache.org/proper/commons-compress/[Apache Common Compress] 1.17 and it's new ``++InputStreamStatistics++`` can help to detect abnormally high compression ratios that may indicate a ZIP bomb during decompression as described in https://wiki.sei.cmu.edu/confluence/display/java/IDS04-J.+Safely+extract+files+from+ZipInputStream[CERT, IDS04-J.]



=== on 26 Nov 2018, 17:48:21 Michael Gumowski wrote:
Dropping the rule from SonarWay, as 1st implementation is not reaching sufficient quality when looking at results.