Menu
We have a Solution targeting .NET Framework 4.8 with over 80 projects in it, and a few projects in this Solution reference a nuget package for DotNetZip. This has now been deprecated:
I would really like to avoid having to rewrite large chunks of code to target a different package. We started off using Ionic.zip. This package was deprecated a good while ago now, but it came with a recommendation "This package is deprecated. Use DotNetZip instead." and we replaced Ionic.Zip with DotNetZip. That was easy. But with the deprecation of DotNetZip all we're getting is "This package version is deprecated", without any recommendation re. what to replace it with.
Now what?
807
asked Sep 01 '25 20:09
Just found a new fork, ProDotNetZip, which fixes the vulnerability, but only has .NET Standard 2.0 support
Edit: a new one popped up, DotNetZip.Original, this also built on .NET Standard 2.0 (as of Feb 15).
53
The big issue now is that there is a 9.8 scored vulnerability in DotNetZip (in the latest 1.16.0) and DotNetZip.Semverd itself is not longer maintained and thus archived by the dev.
As someone stated in the comments System.IO.Compression does not support encryption. And the only other "big" OSS library SharpZipLib seems to be unmaintained as well. So I think we have a serious problem now...
Does anyone know suitable alternatives? 7zip could be a candidate but using command line tool is not really convenient.
35
answered Sep 04 '25 08:09
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
