Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.
Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29