This folder documents the security vulnerabilities affecting the zip crate. It is currently incomplete: RustSec tracks some old vulnerabilities and you should especially ensure you're using an up-to-date version of bzip2.
This folder contains a public key ([./zipadvisories.key]) which may be used for reporting sensitive vulnerabilities to the zip maintainers. At time of writing, @plecra has the decryption key. Sending encrypted reports to [email protected] or via a new github issue is greatly appreciated.