sking1989 发表于 2024-3-30 21:45

Apktool v2.9.3最新版本分享

更新日志:
Apktool v2.9.3 has been released! This release is a hot-fix on top of the previous v2.9.2 release for a related security fix.
Discovered by Cl0udG0d the previous path traversal fix was not hardened when running against Windows. It was learned that Windows will handle both path separators (/ and \) which v2.9.2 had previously isolated to the intended OS. Now cleansing of resource names will include both path separators no matter the OS.
Apktool has had a few CVEs over the last decade, but the last one was the most public for sure. I attribute that to the rise of automated detection logic which flagged systems and tools to update their version of Apktool. This meant lots of folks asked for patches to various old versions. Apktool hasn't really taken care in supporting older versions, but will take a more serious effort now.
v2.10.x will be the next large feature release, but a branch v2.9.x exists for security/urgent fixes. We will try and support the last release or two until it doesn't seem worthwhile.

下载地址,蓝奏云:
https://wwz.lanzn.com/i7Sa61t86p9e

luodeman 发表于 2024-3-31 09:07

yong2050 发表于 2024-3-30 21:50
英文不好,还真看不懂
机翻
更新日志:
apktool v2.9.3 已发布!此版本是先前 v2.9.2 版本之上的一个热修复程序,用于相关的安全修复。cl0udg0d 发现,在 Windows 上运行时,之前的路径 Trersal 修复并未得到强化。据了解,Windows 将处理 v2.9.2 之前已将其隔离到预期操作系统的路径分隔符(/ 和 \)。现在,无论操作系统如何,资源名称的清理都将包括两个路径分隔符。apktool 在过去十年中已经有几个 cve,但最后一个是最公开的。我将其归因于 tomated 检测逻辑,该逻辑将 s 和工具标记为它们的 apktool 版本。这意味着很多人要求对旧版本进行补丁。apktool 还没有真正关心支持旧版本,但现在会付出很大的努力。v2.10.x 将是下一个大型功能版本,但存在用于 secity/gent 修复的分支 v2.9.x。我们将尝试支持最后一个版本或o,直到它看起来不值得。

yong2050 发表于 2024-3-30 21:50

英文不好,还真看不懂

njbnjb01 发表于 2024-3-30 22:36

不错不错

qwq23496 发表于 2024-3-30 23:11

支持支持

huifeideyu123 发表于 2024-3-30 23:37

看不懂啊

meder 发表于 2024-3-30 23:54

感谢分享

wiltzy 发表于 2024-3-31 00:26

感谢分享。

tek2y 发表于 2024-3-31 00:40

感谢分享

aon123 发表于 2024-3-31 01:40

没用过,好用吗

FYL11162022 发表于 2024-3-31 02:04

感谢分享,收藏
页: [1] 2 3 4 5
查看完整版本: Apktool v2.9.3最新版本分享