diff --git a/iocage_lib/ioc_fetch.py b/iocage_lib/ioc_fetch.py
index 585824fb..9a978f7d 100644
--- a/iocage_lib/ioc_fetch.py
+++ b/iocage_lib/ioc_fetch.py
@@ -47,6 +47,9 @@
 from iocage_lib.pools import Pool
 from iocage_lib.dataset import Dataset
+# deliberately crash if tarfile doesn't have required filter
+tarfile.tar_filter
+
 class IOCFetch:
@@ -817,7 +820,7 @@ def fetch_extract(self, f):
 # removing them first.
 member = self.__fetch_extract_remove__(f)
 member = self.__fetch_check_members__(member)
- f.extractall(dest, members=member)
+ f.extractall(dest, members=member, filter='tar')
 def fetch_update(self, cli=False, uuid=None):
 """This calls 'freebsd-update' to update the fetched RELEASE."""
diff --git a/iocage_lib/ioc_plugin.py b/iocage_lib/ioc_plugin.py
index 9ea6bad1..4a80253f 100644
--- a/iocage_lib/ioc_plugin.py
+++ b/iocage_lib/ioc_plugin.py
@@ -61,6 +61,9 @@
 GIT_LOCK = threading.Lock()
 RE_PLUGIN_VERSION = re.compile(r'"path":"([/\.\+,\d\w-]*)\.txz"')
+# deliberately crash if tarfile doesn't have required filter
+tarfile.tar_filter
+
 class IOCPlugin(object):
@@ -157,7 +160,7 @@ def download_parse_packagesite(packagesite_url):
 shutil.copyfileobj(r.raw, f)
 with tarfile.open(packagesite_txz_path) as p_file:
- p_file.extractall(path=tmpdir)
+ p_file.extractall(path=tmpdir, filter='data')
 packagesite_path = os.path.join(tmpdir, 'packagesite.yaml')
 if not os.path.exists(packagesite_path):
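Review bot: The bare `tarfile.tar_filter` expression added at module level in ioc_fetch.py (and again in the first ioc_plugin.py hunk) relies on a side-effect-only attribute lookup, which a linter or cleanup pass may flag as a useless expression and remove, and on an interpreter without extraction filters the user sees an unexplained AttributeError at import. An explicit guard states the intent and fails with a usable message, e.g. `if not hasattr(tarfile, 'tar_filter'): raise RuntimeError('tarfile extraction filters are required; update Python')`. In ioc_plugin.py the later call uses `filter='data'`, so probing `tarfile.data_filter` there would match what is actually relied on. The `import tarfile` these lines depend on is outside the hunks shown.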
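Review bot: `filter='tar'` in fetch_extract (ioc_fetch.py, second hunk) does more than block path escapes: per the tarfile documentation it also clears setuid, setgid and sticky bits and group/other write bits on every member, and unlike `'data'` it does not reject links that point outside `dest` or device nodes. If the archive extracted here is a release base set (the function is only partly visible), setuid binaries and a sticky world-writable `/tmp` would presumably lose those modes, so the extracted tree's permissions are worth checking after this change. A comment at the call would record the trade-off, e.g. `# 'tar' filter: blocks absolute/escaping paths, strips setuid/setgid/sticky and g/o write; link targets are not checked`. Link targets therefore still depend on `__fetch_check_members__`, whose body is outside the hunk.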
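Review bot: In download_parse_packagesite (ioc_plugin.py, second hunk) the whole downloaded archive is still unpacked into `tmpdir` although only `packagesite.yaml` is read afterwards, as far as the hunk shows; extracting just that member narrows what a tampered archive can write: `p_file.extract('packagesite.yaml', path=tmpdir, filter='data')`. A missing member then raises KeyError, so the existing `os.path.exists` check would need a matching `except KeyError`. Separately, with `filter='data'` a rejected member now raises a `tarfile.FilterError` subclass from this function; whether callers handle it is not visible here, since the function body continues outside the hunk.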