This is an automated email from the ASF dual-hosted git repository. bodewig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ant.git
commit 51353ac2a4e4838ad3a9b35c9f8e5162ec7fe4c8 Merge: dffd57c 926f339 Author: Stefan Bodewig <[email protected]> AuthorDate: Sun May 10 15:11:29 2020 +0200 Merge branch '1.9.x' manual/running.html | 9 +++++++++ 1 file changed, 9 insertions(+) diff --cc manual/running.html index ab48f95,f9124a2..e31ec34 --- a/manual/running.html +++ b/manual/running.html @@@ -521,36 -549,35 +521,45 @@@ on the platform and the JVM implementat <p>Tasks not provided with the Ant distribution will ignore the <code>ant.tmpdir</code> property and use <code>java.io.tmpdir</code> unless they have been adapted to the - changed API of Ant 1.9.15.</p> + changed API of Ant 1.10.8.</p> + <p><b>Security Note:</b> Using the default temporary directory + specified by <code>java.io.tmpdir</code> can result in the leakage of + sensitive information or possibly allow an attacker to execute + arbitrary code. This is especially true in multi-user environments. It + is recommended that <code>ant.tmpdir</code> be set to a directory -owned by the user running Ant with 0700 permissions.</p> - -<h2><a name="cygwin">Cygwin Users</a></h2> -<p>The Unix launch script that come with Ant works correctly with Cygwin. You -should not have any problems launching Ant from the Cygwin shell. It is -important to note, however, that once Ant is running it is part of the JDK -which operates as a native Windows application. The JDK is not a Cygwin -executable, and it therefore has no knowledge of Cygwin paths, etc. In -particular when using the <code><exec></code> task, executable names such -as "/bin/sh" will not work, even though these work from the Cygwin -shell from which Ant was launched. You can use an executable name such as -"sh" and rely on that command being available in the Windows path. -</p> ++owned by the user running Ant with 0700 permissions. Ant 1.10.8 and ++later will try to make temporary files created by it only ++readable/writable by the current user but may silently fail to do so ++depending on the OS and filesystem.</p> -<h2><a name="os2">OS/2 Users</a></h2> -<p>The OS/2 launch script was developed to perform complex tasks. It has two parts: -<code>ant.cmd</code> which calls Ant and <code>antenv.cmd</code> which sets the environment for Ant. -Most often you will just call <code>ant.cmd</code> using the same command line options as described -above. The behaviour can be modified by a number of ways explained below.</p> +<h2 id="cygwin">Cygwin Users</h2> +<p> +Unix launch script that come with Ant works correctly with Cygwin. You +should not have any problems launching Ant from the Cygwin shell. It +is important to note, however, that once Ant is running it is part of +the JDK which operates as a native Windows application. The JDK is not +a Cygwin executable, and it therefore has no knowledge of Cygwin +paths, etc. In particular when using the <code><exec></code> +task, executable names such as <q>/bin/sh</q> will not work, even +though these work from the Cygwin shell from which Ant was +launched. You can use an executable name such as <q>sh</q> and rely on +that command being available in the Windows path. + +<h2 id="os2">OS/2 Users</h2> +<p> +The OS/2 launch script was developed to perform complex tasks. It has +two parts: <kbd>ant.cmd</kbd> which calls Ant +and <kbd>antenv.cmd</kbd> which sets the environment for Ant. Most +often you will just call <kbd>ant.cmd</kbd> using the same command +line options as described above. The behaviour can be modified by a +number of ways explained below. +</p> -<p>Script <code>ant.cmd</code> first verifies whether the Ant environment is set correctly. The -requirements are:</p> +<p> +Script <kbd>ant.cmd</kbd> first verifies whether the Ant environment +is set correctly. The requirements are: +</p> <ol> <li>Environment variable <code>JAVA_HOME</code> is set.</li> <li>Environment variable <code>ANT_HOME</code> is set.</li>
