v1.2.1

• BUGFIX: regression introduced in #368.
• BUGFIX: more robust LNK file parsing than handles maliciously crafted files (7e1c8b3, #379)

v1.2.0

• Allow disabling specific warnings via the configuration file (b44ca8f) (documentation).
• BUGFIX: Another JSON encoding issue (1a41075, #376).
• BUGFIX: Return a proper error message when passing invalid metadata to a module (#368).

Contributors: @vojone

v1.1.0

• Add the yrx_scanner_set_module_data function to the C API.
• Show warnings when comparing the result of intXX and uintXX functions with values outside their valid ranges. Example:

  warning[unsatisfiable_expr]: unsatisfiable expression
   --> demo.yar:6:3
    |
  6 |   uint8(0) == 0x1FF
    |   --------    ----- this integer is outside the range [0,255]
    |   |
    |   this expression is an integer in the range [0,255]
    |
  

• BUGFIX: Less strict schema for Cuckoo reports (#369).
• BUGFIX: CLI reports UTF-8 encoding errors instead of ignoring them silently (2372d68) (thanks to @craiu for the report)
• BUGFIX: Fix issue in the Python API while parsing JSON data (#365, c3ad3ac).

Contributors: @vojone @szabgab

v1.0.1

• BUGFIX: Panic while truncating long file paths containing Unicode characters (#360).
• BUGFIX: JSONDecodeError in Python API (#361).

v1.0.0

• First stable release!

• Raise warning when loops can have too many iterations (#352).

• Raise warning when comparing a string that is known to be lowercase (like the result of hash.md5) with a string that contains uppercase characters (150500b). Example:

   warning[unsatisfiable_expr]: unsatisfiable expression
   --> line:5:9
    |
  5 |         test_proto2.string_foo == "FOO"
    |         ----------------------    ----- this contains uppercase characters
    |         |
    |         this is a lowercase string
    |
    = note: a lowercase string can't be equal to a string containing uppercase characters
  

• Better handling of raw bytes and timestamps when decoding module outputs from Python (#357, d65a92a).

v0.15.0

• Implement include statements (#350).
• Add module invoke support to Python API (#348).
• BUGFIX: Parsing aborted when too many rules had the global or private modifiers (d9a1f97).

Contributors: @wxsBSD

v0.14.0

• Parse LC_DYLD_EXPORTS_TRIE in Mach-O files (#303).
• Parse chained fixup imports via LC_DYLD_CHAINED_FIXUPS in Mach-O files (#305).
• Implement tag linter (#304).
• Implement regex anchors ^ and $ in multi-line mode (8b01882).
• Add support for 32-bits targets.
• Improve performance by memoizing some function calls (#311).
• Open source the vt module.
• BUGFIX: Do not abort parsing when .NET file has a table with more than MAX_ROWS_PER_TABLE (908009b).
• BUGFIX: Prevent infinite loop due to cycles in certificate chain (a751199).

Contributors: @latonis, @wxsBSD, @JonathanAnbary

v0.13.0

• Implemented basic linting via the check command.
• Refactor the format of JSON output (#281).
• Parse Mach-O certificates (#276).
• Allow using previously defined variables in with statements (#287).
• BUGFIX: prevent the fmt command from modifying binary files accidentally.
• BUGFIX: fix panic when path starts with ./(#280).
• BUGFIX: reduce consumption of process address space (#292).

Contributors: @chudicek @latonis @wxsBSD

v0.12.0

• The macho module now parses and exposesLC_LINKER_OPTION commands (#256).
• Raise warning with some patterns that have too many 2-byte atoms and are potentially slow (#264).
• Extract more information from the SpcSpOpusInfo structure contained in PE signatures (50180d8).
• BUGFIX: add missing MEAN_BYTES constant to math module (888c77e).
• BUGFIX: panic when calling dylib_hash in some corrupted Mach-O files (c014a26).

Contributors: @latonis

v0.11.1

• BUGFIX: large memory consumption while parsing corrupted PE files (f3ea4f3)