Due to CVE-2020-29488, Percona XtraBackup is modifying how xbstream handles absolute paths to prevent malicious file injections. Like the tar archiving utility, the new behavior removes the leading ‘/’ character and references to the parent directory.
Fixes are available in Percona XtraBackup versions:
../../../d1/../d2/h.txt will be saved
in the stream with the relative path
The updated function provides a warning when creating a stream with a file with an absolute path:
$ xbstream -c /tmp/data
xbstream: Removing leading '/' from member names
The function also will not extract …[Read more]