Hello Apache Tika developers,
We have recently become aware of a vulnerability called "Zip Slip" where Java code that uses certain zip extraction methods may be vulnerable to malicious attacks if a particular zip is extracted in a certain way.   The information on the vulnerability can be found on this Github repo<https://github.com/snyk/zip-slip-vulnerability>.  Has it been investigated whether or not Tika is vulnerable to this kind of attack, and if so has it been fixed?  We are using Tika 1.18 via the tika-server application, but I imagine it could affect multiple different use cases if it was a problem.  I noticed that Tika was not on the list of affected projects, but we just wanted to confirm that that was because it was safe just in case Tika had just been overlooked as part of the investigations.  If Tika is vulnerable, is there a known fix or workaround in flight that we should be aware of?
Thanks,
Carey MacDonald
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB