zip4j

Zip4J and Zip Slip vulnerability


Zip4J is listed as vulnerable to Zip Slip. They claim that Zip4J 1.3.3 has the fix. However, the JAR we download from their site is empty and has no classes.

Did anyone manage to get the 1.3.3 version? Is there any other alternative for a Zip utility that supports encrypted zips? I have mailed the Zip4J developer, but am checking here as well to see how everyone is handling it.


Solution

  • I noticed there is a problem with the jar files from their own website at http://www.lingala.net/zip4j/download.php

    But when I downloaded it from https://mvnrepository.com/artifact/net.lingala.zip4j/zip4j/1.3.2, it is working perfectly.
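
A pre-flight check related to this thread, as an added example that is not part of the original question or answer and is not Zip4J code: using only the JDK's `java.util.zip`, it counts the `.class` entries in a downloaded JAR (an empty JAR reports 0) and lists entry names that would resolve outside the extraction directory, which is the Zip Slip condition. The class name `ArchiveCheck`, its method names and the sample archive built in `main` are constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;
import java.util.stream.Collectors;
import java.util.zip.*;

public class ArchiveCheck {

    /** Number of .class entries; 0 means the JAR carries no compiled code. */
    static long countClasses(Path jar) throws IOException {
        try (ZipFile zf = new ZipFile(jar.toFile())) {
            return zf.stream().filter(e -> e.getName().endsWith(".class")).count();
        }
    }

    /** True only if entryName, resolved under destDir, stays inside destDir. */
    static boolean staysInside(Path destDir, String entryName) {
        try {
            Path base = destDir.toAbsolutePath().normalize();
            return base.resolve(entryName).normalize().startsWith(base);
        } catch (InvalidPathException e) {
            return false; // a name the file system cannot represent is rejected
        }
    }

    /** Entry names that would be written outside destDir (Zip Slip). */
    static List<String> escapingEntries(Path archive, Path destDir) throws IOException {
        try (ZipFile zf = new ZipFile(archive.toFile())) {
            return zf.stream().map(ZipEntry::getName)
                     .filter(n -> !staysInside(destDir, n)).collect(Collectors.toList());
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive: one benign entry and one traversal entry.
        Path zip = Files.createTempFile("sample", ".zip");
        try (ZipOutputStream out = new ZipOutputStream(Files.newOutputStream(zip))) {
            for (String name : new String[] {"docs/readme.txt", "../../evil.txt"}) {
                out.putNextEntry(new ZipEntry(name));
                out.write("x".getBytes(StandardCharsets.UTF_8));
                out.closeEntry();
            }
        }
        System.out.println("class entries: " + countClasses(zip));
        System.out.println("escaping entries: " + escapingEntries(zip, Paths.get("out")));
        Files.delete(zip);
    }
}
```

Both checks read only entry names from the archive, so they can run before any extraction library touches the file; reject the archive if `escapingEntries` returns anything.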