Apache Commons Compress 1.18 已发布,这是一个 Bug 修复版本, ZIP 软件包的其中一项更改修复了一个可以被用作拒绝服务攻击的漏洞。
下载地址:http://commons.apache.org/proper/commons-compress/download_compress.cgi
其它一些新特性
New features:
- It is now possible to specify the arguments of zstd-jni’s ZstdOutputStream constructors via Commons Compress as well.
Fixed Bugs:
- The example Expander class has been vulnerable to a path traversal in the edge case that happens when the target directory has a sibling directory and the name of the target directory is a prefix of the sibling directory’s name.
- Changed the OSGi Import-Package to also optionally import javax.crypto so encrypted archives can be read.
- Changed various implementations of the close method to better ensure all held resources get closed even if exceptions are thrown during the closing the stream.
- ZipArchiveInputStream can now detect the APK Signing Block used in signed Android APK files and treats it as an “end of archive” marker.
- The cpio streams didn’t handle archives using a multi-byte encoding properly.
- ZipArchiveInputStream#read would silently return -1 on a corrupted stored entry and even return > 0 after hitting the end of the archive.
- ArArchiveInputStream#read would allow to read from the stream without opening an entry at all.
Commons Compress 用以实现将文件压缩或解压成 tar、zip、bzip2 等格式。
下面代码将文件压缩成zip格式:
ArArchiveEntry entry = new ArArchiveEntry(name, size); arOutput.putArchiveEntry(entry); arOutput.write(contentOfEntry); arOutput.closeArchiveEntry();
Zip文件的解压缩:
ArArchiveEntry entry = (ArArchiveEntry) arInput.getNextEntry(); byte[] content = new byte[entry.getSize()]; LOOP UNTIL entry.getSize() HAS BEEN READ { arInput.read(content, offset, content.length - offset); }
转自 https://www.oschina.net/news/99024/apache-commons-compress-1-18-released