Please sign in to comment.
Fix JRUBY-5524: FileUtils is vulnerable to symlink race attacks
This patch is imported from upstream temporarily. Here's a commit log of CRuby's fix. * lib/fileutils.rb (FileUtils::remove_entry_secure): there is a race condition in the case where the given path is a directory, and some other user can move that directory, and create a symlink while this method is executing. Reported by: Nicholas Jefferson <nicholas at pythonic.com.au>
- Loading branch information...