From a35f4146dab4c69a04dfd7e41344890cac01c6fa Mon Sep 17 00:00:00 2001
From: Ryan Oldenburg
Date: Tue, 5 Oct 2021 14:44:43 -0500
Subject: [PATCH] 0.7.2

---
 src/zippy/tarballs.nim | 5 +++++
 src/zippy/ziparchives.nim | 5 +++++
 zippy.nimble | 2 +-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/zippy/tarballs.nim b/src/zippy/tarballs.nim
index 9aeff56..af45887 100644
--- a/src/zippy/tarballs.nim
+++ b/src/zippy/tarballs.nim
@@ -311,6 +311,11 @@ proc extractAll*(
 ZippyError,
 "Extracting paths starting with `..` is not supported (" & path & ")"
 )
+ if "/../" in path or r"\..\" in path:
+ raise newException(
+ ZippyError,
+ "Extracting paths containing `/../` is not supported (" & path & ")"
+ )

 case entry.kind:
 of ekNormalFile:
diff --git a/src/zippy/ziparchives.nim b/src/zippy/ziparchives.nim
index 5967c5f..5416145 100644
--- a/src/zippy/ziparchives.nim
+++ b/src/zippy/ziparchives.nim
@@ -479,6 +479,11 @@ proc extractAll*(
 ZippyError,
 "Extracting paths starting with `..` is not supported (" & path & ")"
 )
+ if "/../" in path or r"\..\" in path:
+ raise newException(
+ ZippyError,
+ "Extracting paths containing `/../` is not supported (" & path & ")"
+ )

 case entry.kind:
 of ekDirectory:
diff --git a/zippy.nimble b/zippy.nimble
index 57043bd..e67ae22 100644
--- a/zippy.nimble
+++ b/zippy.nimble
@@ -1,4 +1,4 @@
-version = "0.7.1"
+version = "0.7.2"
 author = "Ryan Oldenburg"
 description = "Pure Nim implementation of deflate, zlib, gzip and zip."
 license = "MIT"
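Review bot: The new guard in `extractAll` matches only the two literal substrings `/../` and `\..\`, so a `..` component bounded by mixed separators (which Windows accepts interchangeably) or sitting at the very end of the path is not rejected, unless `path` is normalised earlier, outside this hunk. Comparing components is sturdier than substring matching: `if ".." in path.split({'/', '\\'}):` (needs `std/strutils` in scope) would also subsume the existing leading-`..` check. A containment check on the joined destination, confirming it still lies under the extraction directory, would additionally cover absolute or drive-qualified entry names if those are not already handled above. The same guard is added verbatim in the `src/zippy/ziparchives.nim` hunk and the point applies there too; `extractAll` begins and ends outside both hunks.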
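Review bot: The path validation in `ziparchives.nim` is a line-for-line copy of the one in `tarballs.nim`, so any later hardening of the traversal checks has to be made in two places and can drift. Moving both checks (leading `..` and embedded `..`) into one shared helper that each `extractAll` calls would keep the tar and zip extractors in step. The new error text also names only the forward-slash form although the backslash form is rejected by the same branch; wording it as "paths containing a `..` component" would describe both cases.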