The build process for the project I am currently working on just got hosed by Microsoft Security Update for Microsoft .NET Framework 2.0 (KB928365). A hundred-odd projects which had been building correctly for weeks or months suddenly started to error during solution build, with post-build event failures complaining of file paths not found.
The failing post-build events all contained constructs like:
msbuild /v:m "$(ProjectDir)\..\Common\postbuild.proj" ...
the error was happening because these events were now being executed as though it was
msbuild /v:m "<project folder>\Common\postbuild.proj" ... i.e. looking for the Common folder as a child of the project folder rather than its sibling.
The eagle-eyed may have spotted that the expression in our project file generates a superfluous backslash after the project folder, because the $(ProjectDir) macro is expanded by VS to include a trailing backslash.
It turns out that this security patch changes behaviour at the operating system level concerning the interpretation of file system paths containing duplicated backslash characters. Whereas the OS was previously forgiving of duplicates, treating them just as single backslash characters, the new behaviour somewhat bizarrely treats '\\..\' as though it were just '\' .
I'm wondering whether this change in behaviour is intentional, and somehow related to a security issue, or whether it is an unintentional side effect of something MS have patched. I'm also wondering how many latent defects there are out there in deployed applications, which are going to be exposed by this.