https://bz.apache.org/bugzilla/show_bug.cgi?id=63029
--- Comment #4 from Axel Dörfler <[email protected]> --- What makes this bug even worse is that the temp file is deleted in any case; ZipPackage.closeImpl() deletes the temp file in a finally block. Even if an atomic move is not possible (if the temp dir is on a different file system, for example), you can still make it more secure by renaming the original file first, and only delete that in case everything worked out. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
