ant (1.9.9-1+deb9u1) stretch-security; urgency=high

  Changes that could break older environments
  -------------------------------------------
  <unzip>, <unjar> and <untar> will no longer extract entries whose
  names would make the created files be placed outside of the
  destination directory anymore by default. A new attribute
  allowFilesToEscapeDest can be used to override the behavior.
  Another special case is when stripAbsolutePathSpec is false (which
  no longer is the default) and the entry's name starts with a
  (back)slash and allowFilesToEscapeDest hasn't been specified
  explicitly, in this case the file may be created outside of the
  dest directory as well.
  In addition stripAbsolutePathSpec is now true by default.

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 22 Jul 2018 09:30:31 +0200
