Automated core release. Zero-trust sandbox built.
We are thrilled to announce ZDefuser v1.1.0, bringing highly requested format support and massive architectural performance boosts to the Zero-Trust extraction ecosystem.
🚀 What's New
🗄️ Native 7z Archive Support & Decryption
ZDefuser now fully supports extracting .7z archives—including those locked behind AES encryption! By leveraging pure-Rust LZMA/LZMA2 parsers, 7z archives are physically isolated and unpacked without relying on vulnerable legacy C/C++ bindings.
⚡ Zero-Copy I/O Performance
We've completely rewritten the filesystem staging pipeline. By implementing OS-level hard_link and rename operations, massive files (e.g., 50GB payloads) now transfer into the sandbox and release to your system instantaneously, avoiding the heavy CPU and disk overhead of traditional byte-copying.
🛡️ Hardened Security Bounds
- Solid Archive Zip-Bomb Defense: Implemented a global volume ratio tracker to instantly neutralize highly-compressed "solid" archives (.tar.gz, .7z) where individual file boundaries are obscured by hackers.
- Aggressive Unix Privilege Stripping: The Layer-3 Release Gate now rigidly masks against 0o666, guaranteeing the obliteration of stealthy SUID/SGID escalation tags alongside standard executable (+x) scripts.
- Unicode RTLO Sanitization: Strengthened WASM path validation to actively filter out bidirectional Unicode spoofing characters (e.g., disguising .exe as .txt).
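The global volume ratio tracker from the zip-bomb item above, shown as an added example (not ZDefuser's own code): a reader wrapper that budgets decompressed bytes for the whole archive stream rather than per entry, so a solid stream cannot hide the expansion. The names RatioGuard and extract_guarded and the MAX_RATIO and GRACE_BYTES limits are assumptions, since the page does not state the real thresholds.

```rust
use std::io::{self, Read};

// Hypothetical limits; the page does not state ZDefuser's real thresholds.
const MAX_RATIO: u64 = 100; // output bytes allowed per compressed byte
const GRACE_BYTES: u64 = 1 << 20; // tiny archives may still expand up to 1 MiB

/// Wraps the decoded stream of a whole archive (not a single entry), so the
/// budget stays global even when a solid stream hides per-file boundaries.
pub struct RatioGuard<R> {
    inner: R,
    compressed_len: u64,
    produced: u64,
}

impl<R: Read> RatioGuard<R> {
    pub fn new(inner: R, compressed_len: u64) -> Self {
        Self { inner, compressed_len, produced: 0 }
    }
    fn budget(&self) -> u64 {
        self.compressed_len.saturating_mul(MAX_RATIO).max(GRACE_BYTES)
    }
}

impl<R: Read> Read for RatioGuard<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let n = self.inner.read(buf)?;
        self.produced = self.produced.saturating_add(n as u64);
        if self.produced > self.budget() {
            // Abort mid-stream: the caller never sees the rest of the payload.
            return Err(io::Error::new(
                io::ErrorKind::InvalidData,
                "decompressed volume exceeds global ratio budget",
            ));
        }
        Ok(n)
    }
}

/// Drains a guarded stream into a sink; returns bytes produced or the guard's error.
pub fn extract_guarded<R: Read>(decoded: R, compressed_len: u64) -> io::Result<u64> {
    io::copy(&mut RatioGuard::new(decoded, compressed_len), &mut io::sink())
}

fn main() {
    // Constructed inputs: io::repeat stands in for a decoder fed a 1 KiB archive.
    let bomb = io::repeat(0).take(1 << 30);
    println!("bomb: {:?}", extract_guarded(bomb, 1024).map_err(|e| e.to_string()));
    println!("benign: {:?}", extract_guarded(io::repeat(b'a').take(50_000), 1024));
}
```

In a real extractor the guard would sit between the LZMA/gzip decoder and the tar or 7z entry parser, with compressed_len taken from the archive's size on disk.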
💼 Enterprise Ready
Finalized project metadata, ensuring accurate structured data schemas, correct Apple Silicon compilation targets, and a proud 0 Vulnerabilities audit by Snyk.
🍎 macOS Installation Notice
ZDefuser is currently unsigned. Upon your first launch on macOS (Apple Silicon), Gatekeeper may warn that the app is "damaged" or from an "Unidentified Developer".
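To permanently fix this, open your Terminal and run the following command, which recursively clears the app bundle's extended attributes, including the quarantine flag that Gatekeeper checks: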
xattr -cr /Applications/ZDefuser.app