Security fix
- Fixes
sbt.io.IO.withTemporaryFilenot limiting access on Unix-like systems in io#344/zinc#1185 by @eed3si9n
IO.withTemporaryFile fix
sbt 1.8.3 fixes sbt.io.IO.withTemporaryFile etc not limiting access on Unix-like systems. Prior to this patch release, some functions were using java.io.File.createTempFile, which does not set strict file permissions, as opposed to the NIO-equivalent that does.
This means that on a shared Unix-like systems, build user or plugin's use of sbt.io.IO.withTemporaryFile etc would have exposed the information to other users.
This issue was reported by Oleksandr Zolotko at IBM, and was fixed by Eugene Yokota (@eed3si9n) in io#344/zinc#1185.
Other updates
sbt 1.8.3 backports Zinc and IO fixes from 1.9.0-RC2 as well.
- Fixes Zinc incremental compilation looping infinitely zinc#1182 by @CarstonSchilds
- Fixes spurious whitespace in the runner script by @keynmol in #7134
- Fixes NullPointerError under
-Vdebugby @som-snytt in zinc#1141 - Avoids deprecated
java.net.URLconstructor by @xuwei-k in io#341 - Updates to Swoval 2.1.10 by @eatkins in io#343
- Notifies
ClassFileManagerfromIncOptionsinIncremental.pruneby @lrytz in zinc1148 - Adds
FileFilter.nothingandFileFilter.everythingby @mdedetrich in io#340