v1.3.1
版本发布时间: 2023-01-11 01:10:40
pandora-analysis/pandora最新发布版本:v1.9.0(2024-07-02 06:36:03)
Security patch
This releases fixes CVE-2023-22898 where a nested archive (aka ZIP Bomb) could trigger a DOS to the platform, especially to the extractor module. Thank you @kurgans0 for reporting it.
New features
- Limit the amount of archives to recursively extract from a file, and the maximal depth (Fixes CVE-2023-22898)
- Display link to VT report instead of text in the report
Changes
- Many improvements in the dfVFS extractor, support files with multiple filesystems
- Improve mime types synonyms
- Improve notification email (set reply-to if possible, insert full link in email body.
- Bump all dependencies
Bug fixes
- Fix exception on edge cases when using the dfVFS extractor
- Only allow submitting one file at the time - the UI was allowing multiple files by mistake, it wasn't supposed to be supported and causes UI issues. Supporting multiple upload will be implemented later.