Hi,

We are currently using zk 5.0.7 and during veracode analysis on our deploy, this scanner found out that there is an unsafe usage of path at line 218 in class org.zkoss.zk.ui.http.AbstractExtendlet.

return new File(_parent, path).toURI().toURL();

We would appreciate your collaboration with this issue.
Thanks in advance.