junit 4.13.1 release note: https://github.com/junit-team/junit4/blob/HEAD/doc/ReleaseNotes4.13.1.md

4.13.1 contains the following security fix:

Security fix: TemporaryFolder now limits access to temporary folders on Java 1.7 or later

A local information disclosure vulnerability in TemporaryFolder has been fixed. See the published security advisory for details.