Affected versions of this package are vulnerable to Insecure Default. It uses the default temporary directory identified by the Java system property
java.io.tmpdir for several tasks and may thus leak sensitive information. The
replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
There is no fixed version for