WhatsApp for Windows 歷史舊版本 Page26

更新時間：2022-02-05
更新細節：

更新時間：2022-02-04
更新細節：

更新時間：2022-01-31
更新細節：

What's new in this version:

Added
- SandMan now causes all boxed processes to update their path settings in real time when access options were modified
- added new maintenance menu option "Uninstall All" to quickly remove all components when running in portable mode
- added version number to the title bar of Sandboxie Classic
- added option to return not to a snapshot but to an empty box state while keeping all snapshots
- Sandboxie-Plus.ini can now be placed in C:ProgramDataSandboxie-Plus folder and takes precedence (for business use)
- added support for AF_UNIX on Windows to resolve issues with OpenJDK17 and later

Changed
- reworked breakout mechanism to be service based and not allowing the parent process to access the broken out child process
- enabled creation of directory junctions for sandboxed processes
- restored back AutoRecover=y on box creation
- improved snapshot support
- renamed "Disable Forced Programs" command to "Pause Forced Programs Rules" (Plus only)

Fixed
fixed BreakoutProcess not working with EnableObjectFiltering=y
FIXED SECURITY ISSUE: when starting COMSRV unboxed, the returned process handle had full access
fixed issue with progress dialog
fixed issue with handling directory junctions in Sandboxie
fixed a handle leak in File_NtCloseImpl
fixed border issues on maximized windows introduced in the last build
fixed a couple of index overruns
fixed issues with sysnative directory
fixed issue with starting SandMan when running sandboxed from context menu
fixed dark mode flash issue with main window creation
fixed issues with snapshot error handling
fixed issues with the always on top option (Plus only)

更新時間：2022-01-19
更新細節：

What's new in this version:

Changed:
- (SEMVER-MINOR) child_process: add support for URL to cp.fork
- (SEMVER-MINOR) crypto: alias webcrypto.subtle and webcrypto.getRandomValues on crypto
- doc: add Mesteery to collaborators
- (SEMVER-MINOR) events: graduate capturerejections to supported
- (SEMVER-MINOR) events: add EventEmitterAsyncResource to core
- (SEMVER-MINOR) loader: return package format from defaultResolve if known
- (SEMVER-MINOR) perf_hooks: multiple fixes for Histogram
- (SEMVER-MINOR) stream: add filter method to readable
- (SEMVER-MINOR) stream: add isReadable helper
- (SEMVER-MINOR) stream: add map method to Readable

更新時間：2022-01-19
更新細節：

What's new in this version:

Added:
- added Portuguese of Portugal on Plus UI (by JNylson, isaak654, mpheath)
- added "BreakoutProcess=program.exe", with this option selected applications can be started unboxed from within a box
- the program image must be located outside the sandbox for this to work
- if another sandbox has "ForceProcess=program.exe" configured, it will capture the process
- use case: set up a box with a Web browser forced, when another box opens a website, this will happen in the dedicated browser box
- Note: "BreakoutFolder=somepath" is also available
- added silent uninstall switch /remove /S for Classic installer

Changed:
- The filename "sandman_pt" was changed to "sandman_pt_BR" (Brazilian Portuguese)
- The filename "sandman_ua" was changed to "sandman_uk" (Ukrainian)
- Note: Translators are encouraged to follow the Localization notes and tips before creating a new pull request
- updated Firefox update blocker

Fixed:
- issue with opening all file access OpenFilePath=*- issue with opening network shares
- possible upgrade issue with Classic installer 130c43a
- minor issues with Classic installer
- issue with Ldr_FixImagePath_2
- when using "Run Sandboxed" with SandMan UI and the UI is off, it wil stay off
- issue with Util_GetProcessPidByName that should resolve the driver sometimes failing to start at boot
- SandMan will now run in background like SbieCtrl when starting a boxed process post506
- taskbar not showing with persistent box border in full screen post474
- box border not spanning across multiple monitors
- issues with border when using DPI scaling
- DPI issues with Qt
- issue with bright flashing on window creation when in dark mode
- issues with the PortableRootDir setting
- issue with the settings window crashing when the driver was not connected
- DPI issues with Finder Tool
- another issue with reused process IDs
- issue introduced in 1.0.6 related to SeAccessCheckByType

更新時間：2022-01-19
更新細節：

更新時間：2022-01-11
更新細節：

What's new in this version:

Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531):
- Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.
- Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option
- More details will be available at CVE-2021-44531 after publication

Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532):
- Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.
- Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
- More details will be available at CVE-2021-44532 after publication

Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533):
- Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.
- Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
- More details will be available at CVE-2021-44533 after publication

Prototype pollution via console.table properties (Low)(CVE-2022-21824):
- Due to the formatting logic of the console.table() function it was not safe to allow user controlled input to be passed to the properties parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be __proto__. The prototype pollution has very limited control, in that it only allows an empty string to be assigned numerical keys of the object prototype.
- Versions of Node.js with the fix for this use a null protoype for the object these properties are being assigned to
- More details will be available at CVE-2022-21824 after publication
- Thanks to Patrik Oldsberg (rugvip) for reporting this vulnerability

更新時間：2022-01-08
更新細節：

What's new in this version:

Added:
- added experimental option "CreateToken=y" to create a new token instead of repurposing an existing one
- added option "DisableRTBlacklist=y" allowing to disable the hardcoded runtime class blacklist
- added new template "DeviceSecurity" to lock down access to device drivers on the system
- Note: This template requires RuleSpecificity being available to work properly
- added option to set a custom ini editor in the Plus UI
- added option "LingerLeniency=n" to solve issue

Changed:
- reworked syscall invocation code in the driver
- Win32k hooking is now compatible with HVCI #1483

Fixed:
- memory leak in driver (conf_user.c)
- issue with file renaming in open paths introduced in 1.0.6
- issue causing Chromium browsers not closing properly
- issue with start.exe
- SandMan issue with reused process IDs
- KmdUtil sometimes not properly terminating the driver

Removed:
- removed OpenToken as it is only a shorthand for UnrestrictedToken=y and UnfilteredToken=y set together

更新時間：2022-01-05
更新細節：

What's new in this version:

Changes:
- mime: use percent-escaping for multipart form field and file names

Fixed:
- asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
- azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
- BINDINGS: add cURL client for PostgreSQL
- BINDINGS: add one from Everything curl and update a link
- checksrc: detect more kinds of NULL comparisons we avoid
- CI: build examples for additional code verification
- CI: bump job to use mbedtls 3.1.0
- cmake: don't set _USRDLL on a static Windows build
- cmake: prevent dev warning due to mismatched arg
- cmake: private identifiers use CURL_ instead of CMAKE_ prefix
- config.d: update documentation to match the path search
- configure: add -lm to configure for rustls build.
- configure: better diagnostics if hyper is built wrong
- configure: don't enable TLS when --without-* flags are used
- configure: fix runtime-lib detection on macOS
- curl.1: require "see also" for every documented option
- curl: improve error message for --head with -J
- curl_easy_cleanup.3: remove from multi handle first
- curl_easy_escape.3: call curl_easy_cleanup in example
- curl_easy_unescape.3: call curl_easy_cleanup in example
- curl_multi_init.3: fix EXAMPLE formatting
- curl_multi_perform/socket_action.3: clarify what errors mean
- curl_share_setopt.3: split out options into their own manpages
- CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
- digest: compute user:realm:pass digest w/o userhash
- docs/checksrc: Add documentation for STRERROR
- docs/cmdline-opts: do not say "protocols: all"
- docs/examples: workaround broken -Wno-pedantic-ms-format
- docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
- docs/INSTALL.md: typo fix : added missing "get" verb
- docs/URL-SYNTAX.md: space is not fine in a given URL
- docs: add known bugs list to HTTP3.md
- docs: address proselint nits
- docs: consistent manpage SYNOPSIS
- docs: fix dead links, remove ECH.md
- docs: fix typo in OpenSSL 3 build instructions
- docs: Update the Reducing Size section
- example/progressfunc: remove code for old libcurls
- examples/multi-single.c: remove WAITMS()
- FAQ: typo fix : "yout" ➤ "your"
- ftp: disable warning 4706 in MSVC
- gen.pl: improve example output format
- github workflow: add wolfssl (removed from zuul)
- github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
- gtls: check return code for gnutls_alpn_set_protocols
- hash: lazy-alloc the table in Curl_hash_add()
- http2:set_transfer_url() return early on OOM
- HTTP3: update quiche build instructions
- http: enable haproxy support for hyper backend
- http: Fix CURLOPT_HTTP200ALIASES
- http_proxy: don't close the socket (too early)
- insecure.d: detail its use for SFTP and SCP as well
- insecure.d: expand and clarify
- libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
- libcurl-security.3: mention address and URL mitigations
- libssh2: fix error message for sha256 mismatch
- libtest: avoid "assignment within conditional expression"
- lift: ignore is a deprecated config option, use ignoreRules
- linkcheck.yml: add CI job that checks markdown links
- m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
- Makefile.m32: rename -winssl option to -schannel and tidy up
- mbedTLS: add support for CURLOPT_CAINFO_BLOB
- mbedtls: fix CURLOPT_SSLCERT_BLOB
- mbedtls: fix private member designations for v3.1.0
- misc: remove unused doh flags when CURL_DISABLE_DOH is defined
- misc: s/e-mail/email
- multi: cleanup the socket hash when destroying it
- multi: handle errors returned from socket/timer callbacks
- multi: shut down CONNECT in Curl_detach_connnection
- netrc.d: edit the .netrc example to look nicer
- ngtcp2: verify the server cert on connect (quictls)
- ngtcp2: verify the server certificate for the gnutls case
- nss:set_cipher don't clobber the cipher list
- openldap: implement STARTTLS
- openldap: process search query response messages one by one
- openldap: several minor improvements
- openldap: simplify ldif generation code
- openssl: check the return value of BIO_new()
- openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
- openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
- openssl: remove usage of deprecated `SSL_get_peer_certificate`
- openssl: use non-deprecated API to read key parameters
- page-footer: add a mention of how to report bugs to the man page
- page-footer: document more environment variables
- request.d: refer to 'method' rather than 'command'
- retry-all-errors.d: make the example complete
- runtests: make the SSH library a testable feature
- rustls: read of zero bytes might be okay
- rustls: remove comment about checking handshaking
- rustls: remove incorrect EOF check
- sha256/md5: return errors when init fails
- socks5: use appropriate ATYP for numerical IP address host names
- test1156: enable for hyper
- test1156: fixup the stdout check for Windows
- test1525: tweaked for hyper
- test1526: enable for hyper
- test1527: enable for hyper
- test1528: enable for hyper
- test1554: adjust for hyper
- test1556: adjust for hyper
- test302[12]: run only with the libssh2 backend
- test661: enable for hyper
- tests/CI.md: add more information on CI environments
- tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
- tftp: mark protocol as not possible to do over CONNECT
- tool_findfile: updated search for a file in the homedir
- tool_operate: only set SSH related libcurl options for SSH URLs
- tool_operate: warn if too many output arguments were found
- url.c: fix the SIGPIPE comment for Curl_close
- url: check ssl_config when re-use proxy connection
- url: reduce ssl backend count for CURL_DISABLE_PROXY builds
- urlapi: accept port number zero
- urlapi: if possible, shorten given numerical IPv6 addresses
- urlapi: provide more detailed return codes
- urlapi: reject short file URLs
- version_win32: Check build number and platform id
- vtls/rustls: adapt to the updated rustls_version proto
- writeout: fix %{http_version} for HTTP/3
- x509asn1: return early on errors
- zuul.d: update rustls-ffi to version 0.8.2
- zuul: fix quiche build pointing to wrong Cargo

更新時間：2022-01-04
更新細節：

What's new in this version:

- Fix: fixed issue when mp3 encoder didn't always use the sample rate set under the Output Audio settings

New:
- added Webp suppor to covers and Cover Converter
- tweaked the Settings size to fit into lower resolution displays
- added %releasecountry% as a filename pattern element
- added Hungarian language support