Uploads and Zip Bombs

Uploaded files

Uploaded files are stored in the folder pointed to by the java.io.tmp environment variable.

For security purposes, we recommend that you use the relevant operating system tool to ensure that 'execute' permissions are removed for this folder.

Zip Bomb Threshold

By default a Zip bomb threshold is set to prevent the uploading of heavily compressed archives to avoid these files destabilising the server.

To change the threshold, add the following lines to the settings.properties file, setting your desired value.

Enable this to allow uploading heavily compressed archives, with a compressed/uncompressed ratio of greater than 1:100. The default value is 0.01.