Improving security in case of malicious archive content - 8.0

Talend Installation Guide

Available in...

Data Fabric

Data Services Platform


MDM Platform

Real-Time Big Data Platform

Talend JobServer has built-in protection against ZIP Slip and ZIP Symlink attacks. To harden it further, you can set limits on archive properties to protect Talend JobServer against malicious Job archive content.

A malicious Job archive can be used for Denial of Service attacks that aim to break the file system or exhaust disk space.

To avoid this risk, you can set stricter limits for folder and file names, taking into account the space needed for your Job deployments. The default values are stored in the org.talend.remote.jobserver.server.cfg file located in the etc directory and are available from a version of Talend JobServer.

These values should not be higher than the name sizes supported by the file system used for the TalendJobServersFiles folder. If one or more limits are exceeded, an error message is displayed and the deployment is rejected.
Note: On Linux, you can check the current limits with the following command: getconf -a | grep -i name_max

The default values for the editable parameters are listed in the following table. These parameters all start with:
Parameters to improve security in case of malicious archive content
Parameters Description

Maximum size for the archive ZIP file that is being extracted during the deployment.

The default value is 1 GB.


Number of entries in the archive file.

The default maximum value is 2048.

Length of the archive ZIP file name.

The default maximum value is 240 characters.


Length of folder names inside the archive ZIP file.

The default maximum length of the unzipped folder name is 240 characters.

Length of file names inside the archive ZIP file.

The default maximum value is 240 characters.


Depth limit for folders inside the archive ZIP file.

The default value is 64 levels.

Size limit for the sum of all archives stored in TalendJobServersFiles/archiveJobs folder.

The default size limit is 100 GB.
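
To see which of these limits a Job archive would exceed before you deploy it, the following added example (not Talend code) checks a ZIP file against the default values listed above without extracting it. The limit key names and the helper build_sample are hypothetical, and the 1 GB limit is assumed to apply to the size of the ZIP file on disk.

```python
import os
import zipfile

# Default limits as listed in the table on this page. The key names are
# hypothetical labels for this example, not the JobServer configuration keys.
DEFAULT_LIMITS = {
    "archive_bytes": 1024**3,  # 1 GB, assumed to mean the ZIP file's size on disk
    "entries": 2048,
    "archive_name_len": 240,
    "folder_name_len": 240,
    "file_name_len": 240,
    "depth": 64,
}


def check_archive(path, limits=DEFAULT_LIMITS):
    """Return a list of limit violations; an empty list means the archive passes."""
    problems = []
    size = os.path.getsize(path)
    if size > limits["archive_bytes"]:
        problems.append(f"archive size {size} exceeds {limits['archive_bytes']}")
    name = os.path.basename(path)
    if len(name) > limits["archive_name_len"]:
        problems.append(f"archive name is {len(name)} characters")
    with zipfile.ZipFile(path) as zf:
        entries = zf.infolist()  # reads the central directory only, extracts nothing
    if len(entries) > limits["entries"]:
        problems.append(f"{len(entries)} entries exceeds {limits['entries']}")
    for info in entries:
        parts = [p for p in info.filename.split("/") if p]
        folders = parts if info.is_dir() else parts[:-1]
        if len(folders) > limits["depth"]:
            problems.append(f"folder depth {len(folders)}: {info.filename[:40]}...")
        if any(len(p) > limits["folder_name_len"] for p in folders):
            problems.append(f"folder name too long: {info.filename[:40]}...")
        if not info.is_dir() and parts and len(parts[-1]) > limits["file_name_len"]:
            problems.append(f"file name too long: {info.filename[:40]}...")
    return problems


def build_sample(path, names):
    """Write a constructed test archive containing one small entry per name."""
    with zipfile.ZipFile(path, "w") as zf:
        for n in names:
            zf.writestr(n, b"x")
    return path
```

Pass a dictionary with lower values as the second argument to test the stricter limits you plan to configure.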