Security Note: Using the default temporary directory
specified by java.io.tmpdir can result in the leakage of
-sensitive information or possibly allow an attacker to execute
-arbitrary code. This is especially true in multi-user environments. It
-is recommended that ant.tmpdir be set to a directory
-owned by the user running Ant with 0700 permissions. Ant 1.10.8 and
-later will try to make temporary files created by it only
+sensitive information or possibly allow an attacker to inject source
+files into the build process. This is especially true in multi-user
+environments. It is recommended that ant.tmpdir be set to
+a directory owned by the user running Ant with 0700 permissions. Ant
+1.10.8 and later will try to make temporary files created by it only
readable/writable by the current user but may silently fail to do so
depending on the OS and filesystem.