Apktool v2.9.2 Released
Apktool v2.9.2 has been released! This release is a hot-fix on top of the previous v2.9.1 release for 1 security fix.
Discovered by Yusuf at Denuvo Apktool would infer file names from the respective resource names, which if made malicious would result in a file being written outside of the directory in which Apktool was operating (ie path traversal). This can be read in more detail at the issue report: CVE-2024-21633 (GHSA-2hqv-2xv4-5h5w)
I launched GitHub Sponsors to help provide another alternative for folks showing appreciation. I want to remind folks of two companies that continue to hold a monthly donation for the project.
- Emerge Tools came online to sponsor the tool.
- Sourcetoad (self employer) additionally joined to sponsor (as well as a few other projects).
This release had 3 commits by 1 person
- Connor Tumbleson (iBotPeaches) - 3 commits
Changes since 2.9.1
- The v2.9.x releases have moved to aapt2 being the default. If you'd like to return to the previous behavior, please use
--use-aapt1during build stage.
- Apktool 2.9.2
- Rename to
apktool.jarand follow the Instruction Guide if you need help.
- 2.9.2 Doc Site Post