Try fix security issue

Author: tomas-sexenian

gxcompress/src/main/java/com/genexus/compression/GXCompressor.java

@@ -408,11 +408,12 @@ public static void decompressJar(File jarFile, String outputPath) throws IOExcep
 			JarEntry entry;
 			byte[] buffer = new byte[1024];
 			while ((entry = jis.getNextJarEntry()) != null) {
-				File outputFile = new File(outputDir, entry.getName());
-				if (entry.isDirectory()) {
-					if (!outputFile.exists() && !outputFile.mkdirs()) {
-						throw new IOException("Failed to create directory " + outputFile.getAbsolutePath());
-					}
+				File outputFile = new File(outputDir, entry.getName()).getCanonicalFile();
+				if (!outputFile.getPath().startsWith(outputDir.getCanonicalPath() + File.separator)) {
+					throw new IOException("Entry is outside of the target dir: " + entry.getName());
+				}
+				if (entry.isDirectory() && !outputFile.exists() && !outputFile.mkdirs()) {
+					throw new IOException("Failed to create directory " + outputFile.getAbsolutePath());
 				} else {
 					try (FileOutputStream fos = new FileOutputStream(outputFile)) {
 						int len;