Ramblings of a Tampa engineer

Apktool v2.9.2 has been released! This release is a hot-fix on top of the previous v2.9.1 release for 1 security fix.

Discovered by Yusuf at Denuvo Apktool would infer file names from the respective resource names, which if made malicious would result in a file being written outside of the directory in which Apktool was operating (ie path traversal). This can be read in more detail at the issue report: CVE-2024-21633 (GHSA-2hqv-2xv4-5h5w)


I launched GitHub Sponsors to help provide another alternative for folks showing appreciation. I want to remind folks of two companies that continue to hold a monthly donation for the project.

  • Emerge Tools came online to sponsor the tool.
  • Sourcetoad (self employer) additionally joined to sponsor (as well as a few other projects).

This release had 3 commits by 1 person

  • Connor Tumbleson (iBotPeaches) - 3 commits

Changes since 2.9.1


  • The v2.9.x releases have moved to aapt2 being the default. If you'd like to return to the previous behavior, please use --use-aapt1 during build stage.


You’ve successfully subscribed to Connor Tumbleson
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Success! Your email is updated.
Your link has expired
Success! Check your email for magic link to sign-in.