Once again, just updating the base zip4j library to 2.11.3, details in the ticket [LDEV-4376] - Lucee
CVE with older versions up to Compress 1.0.0.14
Base Score: 5.9 MEDIUM
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.