Script task fails on remote agent due to tightened path-traversal protections


    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 13.0.0, 12.1.6
    • Affects Version/s: 12.1.2
    • Component/s: Agents, Security
    • None
    • 1
    • Severity 2 - Major
    • 3

      Issue Summary

      In Bamboo 12.X, we tightened path-traversal protections. Bamboo now enforces that build-time file operations occur within a secure working directory.
      Stricter path validation is applied to build-time file operations (e.g. artifact handling, script tasks, checkout, test reports, etc.).
      All file access is constrained to the “secure working directory” for the build/agent.
      Symlink escapes and crafted relative paths (.., symlinks pointing outside the workspace, paths resolving to system dirs, shared mounts, etc.) are now blocked.

      Steps to Reproduce

      1. Create 2 script tasks.
      2. In the first script task, create a symlink to a folder inside the build working directory:
         ln -sf $HOME/repo/anik anik
      3. In the second script task, set anik as the working subdirectory and call the script in the inline script body:
         helloworld.sh

      Expected Results

      Script runs fine

      Actual Results

      Script task fails with the following error:

      java.lang.IllegalArgumentException: Path '/var/atlassian/application-data/bamboo-agent/xml-data/build-dir/TEST-MVFP-JOB1/anik' is outside of a secure directory /var/atlassian/application-data/bamboo-agent/xml-data/build-dir/TEST-MVFP-JOB1
      

      Workaround

      1. Remove the working subdirectory and call the script directly in the script body as

      cd anik;./helloworld.sh
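
The containment check described in the summary can be illustrated with a short shell script. This is an added example, not Bamboo's implementation: it assumes the check compares symlink-resolved paths, and the function names and temporary directory layout are hypothetical.

```shell
#!/bin/sh
# Added example, not Bamboo's code. Assumption: the check compares
# symlink-resolved paths, as the error message on this page suggests.

# resolves_inside SECURE_DIR PATH
# Succeeds only if PATH, with symlinks and ".." resolved, is SECURE_DIR
# itself or lies beneath it.
resolves_inside() {
    ri_root=$(readlink -f -- "$1") || return 2
    ri_target=$(readlink -f -- "$2") || return 2
    ri_root=${ri_root%/}            # "/" becomes "" so the pattern is "/*"
    case "$ri_target/" in
        "$ri_root"/*) return 0 ;;   # trailing "/" stops JOB1 matching JOB1-other
        *)            return 1 ;;
    esac
}

# escaping_links SECURE_DIR
# Prints each symlink under SECURE_DIR that resolves outside it, i.e. the
# entries this check would reject if used as a working subdirectory.
escaping_links() {
    find "$1" -type l | while IFS= read -r el_link; do
        resolves_inside "$1" "$el_link" ||
            printf '%s -> %s\n' "$el_link" "$(readlink -f -- "$el_link")"
    done
}

# Constructed workspace mirroring the reproduction steps (paths are made up).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/repo/anik" "$d/build-dir/JOB1/scripts"
    ln -sf "$d/home/repo/anik" "$d/build-dir/JOB1/anik"
    for p in scripts anik ../JOB1-other; do
        if resolves_inside "$d/build-dir/JOB1" "$d/build-dir/JOB1/$p"; then
            echo "allowed: $p"
        else
            echo "blocked: $p"
        fi
    done
    escaping_links "$d/build-dir/JOB1"
    rm -rf "$d"
}
demo
```

Running escaping_links against a job's build directory lists the symlinks that resolve outside it.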

              Assignee:
              Mateusz Szmal
              Reporter:
              Anik Sengupta
              Votes:
              2
              Watchers:
              3
