Cherry pick branch 'genexuslabs:fix/gxcompress-abitrary-file-access' into beta

Author: sgrampone

gxcompress/src/main/java/com/genexus/compression/GXCompressor.java

@@ -634,12 +634,20 @@ private static void decompress7z(File archive, String directory) throws IOExcept
 		}
 	}
 
+
+
 	private static void decompressTar(File archive, String directory) throws IOException {
 		byte[] buffer = new byte[BUFFER_SIZE];
 		try (TarArchiveInputStream tis = new TarArchiveInputStream(Files.newInputStream(archive.toPath()))) {
 			TarArchiveEntry entry;
 			while ((entry = tis.getNextEntry()) != null) {
+
 				File newFile = new File(directory, entry.getName());
+				if(!newFile.getAbsolutePath().equals(newFile.getCanonicalPath()))
+				{
+					log.error(DIRECTORY_ATTACK + "{}", newFile.getAbsolutePath());
+					return;
+				}
 				if (entry.isDirectory()) {
 					if (!newFile.isDirectory() && !newFile.mkdirs()) {
 						throw new IOException("Failed to create directory " + newFile);