is ziparchive secure

[yamaharr1]

I've been doing lots of reading but haven't found anything up to date, is ziparchive secure?

The last thing I've found was in 2012 and showed it to be a security risk, is this still the case or has it all been sorted?

 

[cPanelMichael]

Hello

Could you clarify the specific application you are referring to, and what method you are using to install it? For instance, is this the ZipArchive PHP class?

Thank you.

 

[yamaharr1]

Hello

Yes the PHP ZipArchive,

I haven't looked into the install method if it is available as a module then that way otherwise whichever is available.

 

[cPanelMichael]

You can select "Zip" as a PHP module under the "Exhaustive Options List" for PHP. I am not aware of any specific security concerns regarding this module, but feel free to reference a specific security report and we can investigate that for you.

Thank you.

 

[yamaharr1]

There was a security risk with relative paths in 2009 that was supposedly fixed but it seemed to pop back up in 2012 I can't find any information in regards to it being secure or insecure now.

I will have to guess that if it was insecure there would be more information out in posts, if you do come across anything that would be great, thank you.