You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by "Simon Wade (JIRA)" <ji...@apache.org> on 2018/08/29 06:54:00 UTC
[jira] [Comment Edited] (IVY-1590) FileUtil.forceDelete() follows
symlinks
[ https://issues.apache.org/jira/browse/IVY-1590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16595993#comment-16595993 ]
Simon Wade edited comment on IVY-1590 at 8/29/18 6:53 AM:
----------------------------------------------------------
{quote}I haven't yet checked, but was it different in 2.4.0 of Ivy?
{quote}
I _think_ it's been that way forever, but I'm only going from memory. It's probably worth checking.
EDIT: Yes, the method appears to have the same implementation in 2.4.0.
was (Author: simon wade):
{quote}I haven't yet checked, but was it different in 2.4.0 of Ivy?
{quote}
I _think_ it's been that way forever, but I'm only going from memory. It's probably worth checking.
> FileUtil.forceDelete() follows symlinks
> ---------------------------------------
>
> Key: IVY-1590
> URL: https://issues.apache.org/jira/browse/IVY-1590
> Project: Ivy
> Issue Type: Bug
> Affects Versions: 2.5.0-rc1
> Reporter: Simon Wade
> Priority: Major
>
> If FileUtil.forceDelete(File) is called with symbolic link to a directory, it will follow that link and delete the contents of the target directory. It's not clear if this is the intended behaviour or not, but it does carry the risk of reaching into the cache via retrieved artifacts.
> Note that this was observed on Windows; the behaviour on other platforms is unknown.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)