Merge pull request orphan-oss#183 from BulkSecurityGeneratorProjectV2/fix/JLL/zip-slip-vulnerability

[SECURITY] Fix Zip Slip Vulnerability

Author: lukaszlenart

src/main/java/com/akathist/maven/plugins/launch4j/Launch4jMojo.java

@@ -525,6 +525,9 @@ private File unpackWorkDir(Artifact artifact) throws MojoExecutionException {
                 while (en.hasMoreElements()) {
                     JarEntry je = en.nextElement();
                     File outFile = new File(dest, je.getName());
+                    if (!outFile.toPath().normalize().startsWith(dest.toPath().normalize())) {
+                        throw new RuntimeException("Bad zip entry");
+                    }
                     File parent = outFile.getParentFile();
                     if (parent != null) parent.mkdirs();
                     if (je.isDirectory()) {