- Unreferenced strings are allowed if their identifier start with
_(#1941) - New command-line option
--disable-console-logsfor disabling the output of the console module (#1915) - New command-line option
--strict-escapethat raises warnings on unknown escape sequences (#1880). - Improve performance by avoiding the execution of rule conditions that can't match (#1927)
- Add callback message
CALLBACK_MSG_TOO_SLOW_SCANNINGfor notifying about slow rules (#1921). - Expose function RVA in
pe.export_details(#1882). - BUGFIX: Fix issues in the computation of
imphashinpemodule (#1944). Credits to the NSHC ThreatRecon team!
BUGFIX: Fix multiple out-of-bound memory reads indexmodule (#1949, #1951). - BUGFIX: Fix memory alignment issues (#1930).
- BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
- BUGFIX: Some rules not matching when
--fast-scanis used (4de3d57) - BUGFIX: Properly list memory regions while scanning processes in Mac OS. (#2033)
- BUGFIX: RFC5652 countersignatures are now correctly parsed in
pemodule (#2034) - BUGFIX: Fix potential DoS due to crashes in authenticode parser with malformed files (#2034). Credits to Bahaa Naamneh!
- BUGFIX: Fix SIGSEGV in
magicmodule whenlibmagicreturns null pointer (3342aa0) - BUGFIX: Prevent infinite recursion while following symlinks (923368e)
Thanks to: @mgoffin, @wxsBSD, @cblichmann, @secDre4mer, @vthib, @regeciovad, @kylereedmsft, @TommYDeeee, @humpalum, @metthal