tfactor2 commented on PR #498: URL: https://github.com/apache/maven-build-cache-extension/pull/498#issuecomment-4793404626
Addressed the path-safety review feedback in the latest push (`b534e3c`): - `collectCachedArtifactPaths()` now uses the same project-contained path validation for compile output directories and configured attached outputs. - Relative paths are normalized against the project base directory before collection, and outside-project candidates are discarded. - `stagePreExistingArtifacts()` also guards against moving any candidate outside the reactor root. - Added a regression test that verifies outside compile output and attached output directories are not collected for staging. Also removed the reproducer zip from the source diff; it should live on the GitHub issue rather than in the repository. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
