Could you tell me what the potential security hole is， and how I reproduce.
I committed this to the 0.21 branch.
There's a potential security hole in the task-controller as it stands. I'm going to commit this change and roll a new 0.21.0 release candidate today. We can roll a 0.21.1 release with the task-controller when it is fixed.
+1 on the patch, although it might make sense to edit the build.xml too.
This patch is only for the 0.21 branch.