alhudz opened a new pull request, #473: URL: https://github.com/apache/commons-fileupload/pull/473
The temporary file written by DeferrableOutputStream.persist() backs an uploaded part and, by default, lives in the shared system temporary directory. Files.newOutputStream creates it with the default rw-r--r-- mode on POSIX systems, leaving uploaded content readable by other local users. Create the file with rw------- where the file system supports POSIX permissions so the data is restricted to the owner. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
