We've discovered and fixed a long-standing security vulnerability in sbt involving command injection on Windows - read more in the blog article:
During our ongoing work on sbt 2, we discovered and fixed a command injection vulnerability affecting sbt on Windows.
www.scala-lang.org
The Scala Programming Language
