- Improvement
- Resolution: Fixed
- Trivial
- None
- 2.173
After the correction of JENKINS-32778, it seems there is a corner case that was not covered correctly. In practice, this code is in a private method that cannot be called directly using a File. All the current callers are using a FilePath, which cancels the problem.
Anyway, as this bug is known (with reproduction), a correction is welcome instead of leaving a known issue in the wild until someone tries to use it and "reveals" the bug. Nothing security related; the bug will just be overprotective instead of too permissive.
- is caused by
- JENKINS-32778 Jenkins plugin installation path traversal vulnerability
- Resolved
- links to