Thank you for raising this. I did a quick review of our code base when
the most recent zip slip story was in the news. It looks to me like we’re
properly defending against the vulnerability. However, it is entirely
possible that I missed something. I’ll check again tomorrow and respond to
  If you ever do identify a vulnerability, please send a note to
   Thank you!


P.S. Would you be willing to share how you’re using Tika at Microsoft? We
know of 2 MS projects using it, but we’d be interested in hearing about

On Wed, Jul 11, 2018 at 6:57 PM Carey MacDonald <[EMAIL PROTECTED]>