Apktool v2.2.4 has been released! This release packs some important security fixes, along with patching some slowdowns Apktool experienced when decoding applications.
This release also had a few security related fixes, I'd like to thank Chris Shepherd (IBM Security) & Eran Vaknin, Gal Elbaz, Alon Boxiner (Checkpoint) who responsibly disclosed these to me. There is a blog post going into details for those who are curious. If you use apktool in a situation that the public can use it (ie some hosted service), you will want to upgrade.
If you missed the news, Apktool received its first sponsor from Sourcetoad which has helped speed development of releases. You can read about that here.
This release had 31 commits by 3 people.
- Connor Tumbleson (iBotPeaches) - 28 commits
- Marc Miltenberger (MarcMil) - 2 commits
- bingqiao - 1 commit
Changes since v2.2.3
- [#1520] - Android O Final Dev Preview Support
- [#591] - SnakeYAML 1.1.8 (Android Support)
- [#1489] - Fix issue with APKs taking longer than usual to parse resources. (Thanks MarcMil)
- [#1543] - Fix issue with internal binaries not accessible in a Spring boot environment. (Thanks bingqiao)
- [#1520] - Fix issues with rebuilding applications originally built with
- [#1532] - Patch
aaptto support the
$character in resource filenames.
- [#1561] - Fix issue where apktool was holding locks onto files during execution. (Thanks MarcMil)
- [#1534] - Fix issue with APKs that last resource in pool is
- [#1564] - Fix issue with APKs that are including malformed characters to break parser.
- Only exit with
0error code during
- Enforce license header on all source files.
- [Security] Prevent malicous directory traversal with unknown files.
- [Security] Prevent XXE vulnerability when given a malicious
- Upgrade to
For those using apktool at your own leisure in your own environment - you can update at your own pace. For those who apktool in any public facing environment, it is highly recommended to upgrade to
2.2.4 due to the included security fixes as soon as possible. As mentioned above, more details to these security issues and steps taken to resolve can be found here.
- Apktool 2.2.4
- Rename to
apktool.jarand follow the Instruction Guide if you need help.