v1.1.0 - Zero-Trust 7z Extraction & Zero-Copy Performance Update

Automated core release. Zero-trust sandbox built.We are thrilled to announce ZDefuser v1.1.0, bringing highly requested format support and massive architectural performance boosts to the Zero-Trust extraction ecosystem.

🚀 What's New

🗄️ Native 7z Archive Support & Decryption

ZDefuser now fully supports extracting .7z archives—including those locked behind AES encryption! By leveraging pure-Rust LZMA/LZMA2 parsers, 7z archives are physically isolated and unpacked without relying on vulnerable legacy C/C++ bindings.

⚡ Zero-Copy I/O Performance

We've completely rewritten the filesystem staging pipeline. By implementing OS-level hard_link and rename operations, massive files (e.g., 50GB payloads) now transfer into the sandbox and release to your system instantaneously, avoiding the heavy CPU and disk overhead of traditional byte-copying.

🛡️ Hardened Security Bounds

• Solid Archive Zip-Bomb Defense: Implemented a global volume ratio tracker to instantly neutralize highly-compressed "solid" archives (.tar.gz, .7z) where individual file boundaries are obscured by hackers.
• Aggressive Unix Privilege Stripping: The Layer-3 Release Gate now rigidly masks against 0o666, guaranteeing the obliteration of stealthy SUID/SGID escalation tags alongside standard executable (+x) scripts.
• Unicode RTLO Sanitization: Strengthened WASM path validation to actively filter out bidirectional Unicode spoofing characters (e.g., disguising .exe as .txt).

💼 Enterprise Ready

Finalized project metadata, ensuring accurate structured data schemas, correct Apple Silicon compilation targets, and a proud 0 Vulnerabilities audit by Snyk.

---

🍎 macOS Installation Notice

ZDefuser is currently unsigned. Upon your first launch on macOS (Apple Silicon), Gatekeeper may warn that the app is "damaged" or from an "Unidentified Developer".

To permanently fix this, open your Terminal and run:

xattr -cr /Applications/ZDefuser.app

ZDefuser v1.0.2 (Stable): UI Visualization & TypeScript Strictness HotfixZDefuser v1.0.2

🛡️ Release Overview

ZDefuser v1.0.2 is a targeted hotfix that stabilizes the graphical user interface during malicious or invalid payload drops, while enforcing stricter TypeScript compilation constraints across the global event bus. This release ensures that unauthorized files are intercepted and visibly rejected on screen 100% of the time.

🚀 Key Fixes & Enhancements

1. Hardened Global Drag-and-Drop Execution

• Visual Bug Fix: Resolved a silent race-condition where dragging deliberately unapproved executable file extensions (e.g., .exe, .bin) into the application would correctly abort the execution, but practically fail to transition the UI to display the bold red Blocked error screen.
• Impact: Users will now instantly and unequivocally see the Unsupported file type diagnostic panel any time an invalid file drops onto the application, preventing user confusion and reinforcing Zero-Trust visibility.

2. TypeScript Data-Layer Integrity

• Strict Payload Parsing: Patched an upstream regression within the SandboxEvent architecture where error events attempted to process incompatible inner fields (current, total, bytes parameters intended solely for Progress events). The TypeScript hooks have been sanitized to rigorously align with App.tsx architectural contracts.

3. Absolute Code Coverage

• 100% Functional Integrity: Advanced the internal testing mechanisms to achieve and mandate a flawless 100% Branch, Function, and Line code coverage benchmark, extending mocked behaviors to validate global secure password injections during payload evaluation.

📦 Checksums & Downloads

(Your GitHub Action pipeline will automatically attach the compiled Installer.msi, AppImage, .deb, and macOS applications below)

ZDefuser v1.0.1 (Stable): Enterprise Dual Licensing & Architectural Resiliency

🛡️ Release Overview

ZDefuser v1.0.1 transitions the software into an enterprise-ready legal and architectural state. This patch release focuses on securing the organizational intellectual property via an Open-Core Dual Licensing model, eradicating false technical claims in the architectural documentation, resolving UI component edge cases, and future-proofing the CI/CD pipeline infrastructure.

🚀 Key Features & Fixes

1. Commercial Licensing Implementation (Enterprise Compliance)

• GNU AGPLv3 Dual License Migration: ZDefuser has officially transitioned from the permissive MIT License to a rigid GNU AGPLv3 + Commercial EULA (Dual License) model.
• Automated Third-Party Governance: The generate_licenses.py orchestration pipeline has been fully synchronized with the transition, guaranteeing that all embedded Wasmtime, Rust, and React foundational libraries maintain out-of-the-box legal compliance regardless of the host license modification.
• Note for Enterprise users: Any cloud-backend or internally embedded deployments without open-sourcing your proprietary code now expressly require contacting the maintainers for a Commercial License Bypass.

2. Architectural Accuracy & Documentation Parity

• Memory Constraints Addressed: Corrected a materially false claim across documentation indicating "In-Memory Extraction". Due to the 32-bit linear memory space limits of wasm32-wasip1 (4GB max), the architectural diagrams have been rectified to accurately reflect "Streaming I/O Extraction".
• Apple Silicon Alignment: Purged deprecated external references to "Intel" macOS constraints, accurately matching the exclusive cross-compiled aarch64 binaries generated by the CI/CD matrix.

3. Application Hardening & Defect Resolution

• TypeScript Defect Resolution: Eradicated a severe React typing regression where SandboxEvent error arrays attempted to instantiate nonexistent internal properties (file, current, total), stabilizing the frontend logging mechanisms.
• SemVer Parity Sync: Systematically purged all lingering UI codebase and backend build artifacts (Cargo.lock, AboutModal.tsx) that were mistakenly pointing to 1.0.0-rc.1, bringing 100% of the binary signatures into alignment with v1.0.1.

4. CI/CD Infrastructure Future-Proofing

• GitHub Runner Hardening: Immunized the automated build matrix against the forthcoming actions/checkout@v4 Node 20 deprecation cycle by explicitly opting all underlying JavaScript runners into the Node 24 runtime environment.

📦 Checksums & Downloads

(Your GitHub Action pipeline will automatically attach the compiled Installer.msi, AppImage, .deb, and MacOS applications below)

ZDefuser v1.0.0: The Zero-Trust Milestone 🛡️

Automated core release. Zero-trust sandbox built.## 🚀 ZDefuser v1.0.0 (Initial Release)
Welcome to the absolute perimeter of archive security. ZDefuser v1.0.0 introduces a paradigm shift by shifting decompression logic entirely into a physically isolated WebAssembly (Wasm) sandbox, ensuring zero-day malware never touches your host operating system.

🛡️ Core Security Architecture

• WASI Quarantine Zone: All .zip, .tar, and .rar files are detonated within a volatile wasm32-wasip1 memory bubble. Access to host network and unauthorized directories is mathematically impossible.
• Zip Bomb Decimation: Active Dynamic Compute Rationing (Fuel) instantly locks down infinite loop CPU-DoS attacks and terminates ballooning payloads.
• Path & Symlink Neutralization: Total zero-tolerance for ../../ Directory Traversal strikes and stealthy symbolic link exfiltration.
• RTLO Spoofing Defense: Malicious Right-to-Left Override UI spoofing strings (e.g., invoice[RTLO]xcod.exe) are structurally invalidated before reaching the host.
• Executable Bit Stripping: Hostile +x Unix script flags are cleanly stripped at the Layer-2 Release Gate.

📥 Cross-Platform Binaries

No dependencies required. We provide natively compiled binaries built purely via GitHub Actions:

• 🍎 macOS: Apple Silicon & Intel (.dmg)
  • Security Note: Since this release is not yet notarized by an Apple Developer Certificate, Gatekeeper will issue a warning. Simply run xattr -cr /Applications/ZDefuser.app in your Terminal to clear the quarantine flag.
• 🪟 Windows: Native Installers (.msi, .exe)
• 🐧 Linux: Portable (.AppImage) and Debian packages (.deb)

🤝 Enterprise Compliance

This 1.0 release introduces automated Third-Party License orchestration. ZDefuser complies with strict MIT, Apache, and BSD open-source redistribution requirements out of the box.

---

Stay isolated. Stay safe. 🔐