> If you rely on stable archives for security (ensuring you don’t accidentally trigger a tarbomb, for example), we recommend you switch to release assets instead of using source downloads.
Isn't that actually the only way you could get a zipbomb? git-archive will never generate a zipbomb...
2 comments
[ 1.0 ms ] story [ 12.4 ms ] threadIsn't that actually the only way you could get a zipbomb? git-archive will never generate a zipbomb...