CVE-2020-29488: Changes in How Absolute Paths are Handled in Percona XtraBackup xbstream

Because of CVE-2020-29488, Percona XtraBackup is changing how xbstream handles absolute paths in order to prevent malicious file injection during extraction. As the tar archiving utility does, the new behavior removes the leading '/' character and any references to the parent directory ('..') from member names.

Fixes are available in Percona XtraBackup versions:

>= 2.4.22

>= 8.0.23-16.0

For example, ../../../d1/../d2/h.txt will be saved in the stream with the relative path ./d2/h.txt.

The updated function provides a warning when creating a stream with a file with an absolute path:

$ xbstream -c /tmp/data

xbstream: Removing leading '/' from member names
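The normalization described above, as an added C example that is not Percona's or xbstream's code: the function sanitize_member_name() and its signature are assumed. It strips a leading '/' (reporting it so the caller can emit the warning shown above) and discards every parent-directory component, including those that would climb above the archive root, so the post's ../../../d1/../d2/h.txt comes out as ./d2/h.txt. The same routine also handles the general case of '..' mixed with ordinary components and of a path that reduces to nothing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * sanitize_member_name(): normalize an archive member name the way the post
 * describes for xbstream (and tar): drop the leading '/' and drop every
 * parent-directory ("..") reference, then store the result as a relative
 * "./" path. Illustrative reimplementation, not Percona's code; the name
 * and signature are assumed. Returns a malloc'd string the caller frees,
 * or NULL on allocation failure. If `was_absolute` is non-NULL it is set
 * to 1 when a leading '/' was removed, 0 otherwise.
 */
char *sanitize_member_name(const char *in, int *was_absolute)
{
    size_t len = strlen(in);
    char *copy = malloc(len + 1);
    /* A path of length len has at most len/2 + 1 non-empty components. */
    char **parts = malloc((len / 2 + 2) * sizeof *parts);
    size_t n = 0;

    if (!copy || !parts) { free(copy); free(parts); return NULL; }
    memcpy(copy, in, len + 1);
    if (was_absolute) *was_absolute = (in[0] == '/');

    /* Split on '/', keeping a stack of surviving components. strtok
     * collapses repeated slashes, so "a//b" is treated like "a/b". */
    for (char *tok = strtok(copy, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;                 /* "." adds nothing */
        if (strcmp(tok, "..") == 0) {
            if (n > 0) n--;           /* "d1/.." cancels d1 ... */
            continue;                 /* ... and ".." above the root is dropped */
        }
        parts[n++] = tok;
    }

    /* Rebuild as "./a/b/c" (or "." if nothing survived). */
    size_t outlen = 1;                /* the leading "." */
    for (size_t i = 0; i < n; i++) outlen += 1 + strlen(parts[i]);
    char *out = malloc(outlen + 1);
    if (out) {
        char *p = out;
        *p++ = '.';
        for (size_t i = 0; i < n; i++) {
            *p++ = '/';
            size_t l = strlen(parts[i]);
            memcpy(p, parts[i], l);
            p += l;
        }
        *p = '\0';
    }
    free(copy);
    free(parts);
    return out;
}

int main(void)
{
    /* Constructed sample member names, including the post's own example. */
    const char *samples[] = {
        "../../../d1/../d2/h.txt",    /* post's example -> ./d2/h.txt */
        "/tmp/data",                  /* absolute -> ./tmp/data, with warning */
        "data/t1.ibd",                /* already relative, kept as ./data/t1.ibd */
        "../..",                      /* nothing survives -> . */
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int was_abs = 0;
        char *clean = sanitize_member_name(samples[i], &was_abs);
        if (!clean) return 1;
        if (was_abs)   /* mirrors the warning text quoted in the post */
            fprintf(stderr, "xbstream: Removing leading '/' from member names\n");
        printf("%-28s -> %s\n", samples[i], clean);
        free(clean);
    }
    return 0;
}
```

Dropping "..", rather than resolving it against the current directory, is what keeps an attacker-controlled member name from ever pointing outside the extraction root; applying the same normalization on both the create and the extract side means a stream produced by an older or hostile tool is still confined.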

The function also will not extract …