From 82f5edcf49002943773a165464e152b1d75a68a8 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bodewig@apache.org>
Date: Thu, 23 Dec 2021 18:25:47 +0100
Subject: [PATCH] change the default of authenticateOnRedirect

---
 WHATSNEW                                        | 14 +++++++++-----
 manual/Tasks/get.html                           |  2 +-
 src/main/org/apache/tools/ant/taskdefs/Get.java |  2 +-
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/WHATSNEW b/WHATSNEW
index 6dcfe9b2c..ff6e43af7 100644
--- a/WHATSNEW
+++ b/WHATSNEW
@@ -1,6 +1,15 @@
 Changes from Ant 1.10.12 TO Ant 1.10.13
 =======================================
 
+Changes that could break older environments:
+-------------------------------------------
+
+* <get> has a new attribute authenticateOnRedirect that can be used to
+  prevent Ant from sending the configured credentials when following a
+  redirect. It is false by default, which means builds that rely on
+  credentials being used on the redirected URI may break.
+  Github Pull Request #173
+
 Other changes:
 --------------
 
@@ -16,11 +25,6 @@ Other changes:
 * <ftp> now supports FTPs.
   Github Pull Request #170
 
-* <get> has a new attribute authenticateOnRedirect that can be used to
-  prevent Ant from sending the configured credentials when following a
-  redirect. It is true by default for backwards compatibility reasons.
-  Github Pull Request #173
-
 Changes from Ant 1.10.11 TO Ant 1.10.12
 =======================================
 
diff --git a/manual/Tasks/get.html b/manual/Tasks/get.html
index b4c4e579b..fe7deb4f2 100644
--- a/manual/Tasks/get.html
+++ b/manual/Tasks/get.html
@@ -95,7 +95,7 @@ the request is relayed to the proxy.</p>
     <td>authenticateOnRedirect</td>
     <td>Whether the credentials should also be sent to the new location when a redirect is followed.<br/>
     <em>since Ant 1.10.13</em></td>
-    <td>No; default is <q>true</q></td>
+    <td>No; default is <q>false</q></td>
   </tr>
   <tr>
     <td>maxtime</td>
diff --git a/src/main/org/apache/tools/ant/taskdefs/Get.java b/src/main/org/apache/tools/ant/taskdefs/Get.java
index 15f732f16..03915cc50 100644
--- a/src/main/org/apache/tools/ant/taskdefs/Get.java
+++ b/src/main/org/apache/tools/ant/taskdefs/Get.java
@@ -82,7 +82,7 @@ public class Get extends Task {
     private boolean ignoreErrors = false;
     private String uname = null;
     private String pword = null;
-    private boolean authenticateOnRedirect = true; // on by default for backward compatibility
+    private boolean authenticateOnRedirect = false;
     private long maxTime = 0;
     private int numberRetries = NUMBER_RETRIES;
     private boolean skipExisting = false;