Changelog:
Apktool v2.9.3 has been released! This release is a hot-fix on top of the previous v2.9.2 release for a related security fix.
Cl0udG0d discovered that the previous path traversal fix was not hardened when running against Windows. Windows handles both path separators (/ and \), whereas v2.9.2 had isolated each separator to its intended OS. Cleansing of resource names now includes both path separators no matter the OS.
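The separator issue described above can be reproduced on any OS with Python's `ntpath` and `posixpath` modules. This is an added example, not Apktool's code: `cleanse_single` is an assumed simplification of a one-separator cleanser, and the base directories and sample names are constructed.

```python
import ntpath      # Windows path rules, importable on any OS
import posixpath   # POSIX path rules

def cleanse_single(name: str, sep: str) -> str:
    """Weak form (assumed): strip directories using only one separator."""
    return name.rsplit(sep, 1)[-1]

def cleanse_both(name: str) -> str:
    """Hardened form: treat '/' and '\\' as separators on every OS."""
    leaf = name.replace("\\", "/").rsplit("/", 1)[-1]
    if leaf in ("", ".", ".."):
        raise ValueError(f"unsafe resource name: {name!r}")
    return leaf

def escapes(base: str, name: str, rules) -> bool:
    """True if base/name resolves outside base under the given path rules."""
    root = rules.normpath(base)
    target = rules.normpath(rules.join(root, name))
    try:
        return rules.commonpath([root, target]) != root
    except ValueError:   # e.g. a different drive on Windows
        return True

# Constructed sample inputs, not taken from any real APK.
WIN_BASE = r"C:\work\out\res\raw"
NIX_BASE = "/work/out/res/raw"
SAMPLES = ["icon.png", "../../dropped.txt", "..\\..\\dropped.txt"]

def report():
    """Per name: (name, win+'\\'-only, win+'/'-only, win+both, posix+both)."""
    rows = []
    for name in SAMPLES:
        rows.append((
            name,
            escapes(WIN_BASE, cleanse_single(name, "\\"), ntpath),
            escapes(WIN_BASE, cleanse_single(name, "/"), ntpath),
            escapes(WIN_BASE, cleanse_both(name), ntpath),
            escapes(NIX_BASE, cleanse_both(name), posixpath),
        ))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

Under Windows rules, either single-separator cleanser lets one of the two traversal spellings through, while the two-separator form keeps every sample inside the base directory.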
Apktool has had a few CVEs over the last decade, but the last one was the most public for sure. I attribute that to the rise of automated detection logic which flagged systems and tools to update their version of Apktool. This meant lots of folks asked for patches to various old versions. Apktool hasn't really taken care in supporting older versions, but will make a more serious effort now.
v2.10.x will be the next large feature release, but a branch v2.9.x exists for security/urgent fixes. We will try and support the last release or two until it doesn't seem worthwhile.