ant (1.9.9-1+deb9u1) stretch-security; urgency=high Changes that could break older environments ------------------------------------------- , and will no longer extract entries whose names would make the created files be placed outside of the destination directory anymore by default. A new attribute allowFilesToEscapeDest can be used to override the behavior. Another special case is when stripAbsolutePathSpec is false (which no longer is the default) and the entry's name starts with a (back)slash and allowFilesToEscapeDest hasn't been specified explicitly, in this case the file may be created outside of the dest directory as well. In addition stripAbsolutePathSpec is now true by default. -- Salvatore Bonaccorso Sun, 22 Jul 2018 09:30:31 +0200