WinRAR 7.12 Beta 1
WinRAR is an archiving utility that completely supports RAR and ZIP archives and is able to unpack CAB, ARJ, LZH, TAR, GZ, UUE, BZ2, JAR, ISO, 7Z, Z archives. It consistently makes smaller archives than the competition, saving disk space and transmission costs. WinRAR offers you the benefit of industry strength archive encryption using AES (Advanced Encryption Standard) with a key of 128 bits. It supports files and archives up to 8,589 billion gigabytes in size. It also offers the ability to create self extracting and multi volume archives. With recovery record and recovery volumes, you can reconstruct even physically damaged archives.
WinRAR 7.12 Beta 1 changelog:
- When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path. Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, also as RAR for Android, are not affected. We are thankful to whs3-detonator working with Trend Micro Zero Day Initiative for letting us know about this security issue.
- Previously "Generate report" command included archived file names into HTML report as is, allowing to inject potentially unsafe HTML tags into the report. To prevent such injection the current version replaces file name characters in HTML report with strings. We are thankful to Marcin Bobryk (github.com/MarcinB44) for bringing this security issue to our attention.
- If "Test archived files" and "recovery volumes" archiving options are used together, recovery volumes are also tested. Previous versions completed the test before creating recovery volumes, so they hadn't been verified.
- Nanosecond file time precision is preserved for Unix file records when modifying RAR archive in Windows. Previously it was converted to Windows 100 nanosecond precision.