Hello, A new beta release of WinRAR version 5.50 beta 4 was posted today. Website Downloads Changelog
As far as I understand it, it seems that a five year old vulnerability has been fixed now in WinRAR in this version 5.50 beta 4. It is about a vulnerability in unrar. It seems that at least it is/was in unrar, WinRAR and ClamAV. Sophos seems to have fixed it already five years ago. Article in Dutch at Security.nl. Article in Dutch at Dutch National Cyber Security Centrum (NCSC) here. US-CERT : https://www.us-cert.gov/ncas/bulletins/SB17-177 I think you have to scroll down there to this: NIST : https://nvd.nist.gov/vuln/detail/CVE-2012-6706 For ClamAV in SUSE there is this security announcement: https://lists.opensuse.org/opensuse-security-announce/2017-06/msg00041.html I admit, it is a strange situation and I wasn't sure where to post this.
Thanks The settings of WinRAR (stored in the registry: Computer\HKEY_CURRENT_USER\Software\WinRAR) are not retained (at least for the administrator) after an update. WinRAR has to be configured again. The settings for a standard user seems to be retained. But it is not a big problem, settings can be restored easily (Options - Import/Export)
A new feature of WinRAR 5.50 is the password manager. The encryption algorithm of the new RAR 5.0 archive format is changed from AES-128 to AES-256 (CBC Mode) and WinRAR is using using AES-256 in CTR mode for encrypted ZIP archives (instead of the old ZIP 2.0 legacy encryption algorithm), but "ZIP legacy encryption" can still be selected (for compatibility with older unzip software)
WinRAR 5.60 beta 1 Released (March 11, 2018) Download Changelog Spoiler: Changelog Version 5.60 beta 1 1. We updated WinRAR graphics. We are grateful to http://weirdsgn.com and http://icondesignlab.com designers participated in this endeavor and proud to announce that WinRAR uses the new icon set prepared by Aditya Nugraha Putra from http://weirdsgn.com. Previous WinRAR icons are available as interface theme here: https://rarlab.com/themes/WinRAR_Classic_48x36.theme.rar 2. "Repair" command efficiency is improved for recovery record protected RAR5 archives. Now it can detect deletions and insertions of unlimited size also as shuffled data including data taken from several recovery record protected archives and merged into a single file in arbitrary order. 3. "Turn PC off when done" archiving option is changed to "When done" drop down list, so you can turn off, hibernate or sleep your PC after completing archiving. 4. Use -ioff or -ioff1 command line switch to turn PC off, -ioff2 to hibernate and -ioff3 to sleep your PC after completing an operation. 5. If encoding of comment file specified in -z<file> switch is not defined with -sc switch, RAR attempts to detect UTF-8, UTF-16LE and UTF-16BE encodings based on the byte order mask and data validity tests. 6. WinRAR attempts to detect ANSI, OEM and UTF-8 encodings of ZIP archive comments automatically. 7. "Internal viewer/Use DOS encoding" option in "Settings/Viewer" is replaced with "Internal viewer/Autodetect encoding". If "Autodetect encoding" is enabled, the internal viewer attempts to detect ANSI (Windows), OEM (DOS), UTF-8 and UTF-16 encodings. 8. Normally Windows Explorer context menu contains only extraction commands if single archive has been right clicked. You can override this by specifying one or more space separated masks in "Always display archiving items for" option in Settings/Integration/Context menu items", so archiving commands are always displayed for these file types even if file was recognized as archive. If you wish both archiving and extraction commands present for all archives, place "*" here. 9. SFX module "SetupCode" command accepts an optional integer parameter allowing to control mapping of setup program and SFX own error codes. It is also accessible as "Exit code adjustment" option in "Advanced SFX options/Setup" dialog. 10. New "Show more information" WinRAR command line -im switch. It can be used with "t" command to issue a message also in case of successful archive test result. Without this switch "t" command completes silently if no errors are found. This switch is applicable only to WinRAR.exe and ignored by console RAR.exe. 11. If a wrong password is entered when unpacking an encrypted file in ZIP archive, WinRAR proposes to enter a valid password for same file again instead of aborting extraction. 12. If a wrong password is entered when opening or unpacking RAR archive with encrypted file names, WinRAR proposes to enter a valid password again instead of aborting the operation. Previous versions already did so for RAR archives with encrypted file data, but aborted for archives with file name encryption. 13. WinRAR recognizes GZIP files with arbitrary data preceding an actual GZIP archive, such as .scexe firmware files. 14. @filelist parameter can be specified in "Files to add" field of archiving dialog. In this case WinRAR will attempt the list of archiving files from 'filelist' file, which should be the plain text, one file name per line. 15. Info dialog: a) compression ratio graph is updated; b) "Names and data" is displayed in "Encryption" field for archives with encrypted file names. 16. Full archive name is displayed if mouse pointer is placed over an archive name in the operation progress window. It can be useful if archive name is lengthy and does not fit to available window space. 17. If -ts1 switch is used with -u or -f, file time comparison is performed with 1 second precision. Previosuly in such case we could wrongly treat an adding file as newer than archived just because we compared the high precision adding file time against the low precision archived file time. 18. "Update" and "Fresh" commands ('u' and 'f' in the command line mode) quit immediately if no files are to be updated. Previously they created a temporary archive before quitting when updating archives with recovery record or quick open information. 19. Prompt is issued after creating 500 volumes from WinRAR GUI shell, so user can continue or quit further archiving. It is done to prevent creating many thousands of volumes in case of wrongly entered volume size. 20. WinRAR uses megabytes instead of bytes as default units for volume size field in the archiving dialog. 21. "Repair" command issues "Recovery record is corrupt" message after repairing RAR5 archive containing a broken recovery record. Previously such message was issued only by "Test" command and "Repair" handled most of recovery record damages silently. 22. Bugs fixed: a) fixed potential security issues when processing corrupt RAR archives; b) non-English characters in TAR files with PAX extended headers were not displayed correctly; c) "rar x arcname.rar .." command unpacked files to current folder instead of its parent; d) pasting files from Windows Explorer to archive opened in WinRAR blocked further copy and paste operations in Explorer until archiving was finished; e) SFX module issued "The specified password is incorrect" message infinitely not prompting for correct password once a wrong password was entered; f) folders time was always set when extracting ZIP archives even if "File time" options in the extraction dialog were turned off; g) if "Delete mode: Always" was selected when extracting and user pressed "Cancel" in the file overwrite or password prompt, an archive could be deleted even after cancelling extraction for .zip and .7z formats. The graphics were updated (contextmenu / file icon / GUI):
WinRAR 5.60 beta 2 Released (March 31, 2018) Download Changelog Spoiler: Changelog Version 5.60 beta 2 1. "Extra large buttons" option in "Settings/General" selects 64x48 toolbar buttons. 2. "Restart" option is added to "Advanced/When done" list in archiving dialog. 3. -ioff4 switch can be used to restart PC after completing archiving or extraction. 4. Since it may take a lot of time to display contents of large tar.bz2 and tar.gz files, WinRAR displays the percent complete in the status bar while opening such archives. 5. Bugs fixed: a) previous beta did not restore the toolbar layout changed by user.
Hello, A new beta release of WinRAR version 5.60 beta 3 was posted today. Website Downloads Changelog
WinRAR 5.60 Released (June 26, 2018) Website Download Changelog Spoiler: Changelog v5.60 Version 5.60 1. We updated WinRAR graphics. We are grateful to http://weirdsgn.com and http://icondesignlab.com designers participated in this endeavor and proud to announce that WinRAR uses the new icon set prepared by Aditya Nugraha Putra from http://weirdsgn.com. Previous WinRAR icons are available as interface theme here: https://rarlab.com/themes/WinRAR_Classic_48x36.theme.rar 2. "Repair" command efficiency is improved for recovery record protected RAR5 archives. Now it can detect deletions and insertions of unlimited size also as shuffled data including data taken from several recovery record protected archives and merged into a single file in arbitrary order. 3. "Turn PC off when done" archiving option is changed to "When done" drop down list, so you can turn off, hibernate or sleep your PC after completing archiving. 4. Use -ioff or -ioff1 command line switch to turn PC off, -ioff2 to hibernate and -ioff3 to sleep your PC after completing an operation. 5. If encoding of comment file specified in -z<file> switch is not defined with -sc switch, RAR attempts to detect UTF-8, UTF-16LE and UTF-16BE encodings based on the byte order mask and data validity tests. 6. WinRAR attempts to detect ANSI, OEM and UTF-8 encodings of ZIP archive comments automatically. 7. "Internal viewer/Use DOS encoding" option in "Settings/Viewer" is replaced with "Internal viewer/Autodetect encoding". If "Autodetect encoding" is enabled, the internal viewer attempts to detect ANSI (Windows), OEM (DOS), UTF-8 and UTF-16 encodings. 8. Normally Windows Explorer context menu contains only extraction commands if single archive has been right clicked. You can override this by specifying one or more space separated masks in "Always display archiving items for" option in Settings/Integration/Context menu items", so archiving commands are always displayed for these file types even if file was recognized as archive. If you wish both archiving and extraction commands present for all archives, place "*" here. 9. SFX module "SetupCode" command accepts an optional integer parameter allowing to control mapping of setup program and SFX own error codes. It is also accessible as "Exit code adjustment" option in "Advanced SFX options/Setup" dialog. 10. New "Show more information" WinRAR command line -im switch. It can be used with "t" command to issue a message also in case of successful archive test result. Without this switch "t" command completes silently if no errors are found. This switch is applicable only to WinRAR.exe and ignored by console RAR.exe. 11. If a wrong password is entered when unpacking an encrypted file in ZIP archive, WinRAR proposes to enter a valid password for same file again instead of aborting extraction. 12. If a wrong password is entered when opening or unpacking RAR archive with encrypted file names, WinRAR proposes to enter a valid password again instead of aborting the operation. Previous versions already did so for RAR archives with encrypted file data, but aborted for archives with file name encryption. 13. WinRAR recognizes GZIP files with arbitrary data preceding an actual GZIP archive, such as .scexe firmware files. 14. @filelist parameter can be specified in "Files to add" field of archiving dialog. In this case WinRAR will attempt the list of archiving files from 'filelist' file, which should be the plain text, one file name per line. 15. Info dialog: a) compression ratio graph is updated; b) "Names and data" is displayed in "Encryption" field for archives with encrypted file names. 16. Full archive name is displayed if mouse pointer is placed over an archive name in the operation progress window. It can be useful if archive name is lengthy and does not fit to available window space. 17. If -ts1 switch is used with -u or -f, file time comparison is performed with 1 second precision. Previosuly in such case we could wrongly treat an adding file as newer than archived just because we compared the high precision adding file time against the low precision archived file time. 18. "Update" and "Fresh" commands ('u' and 'f' in the command line mode) quit immediately if no files are to be updated. Previously they created a temporary archive before quitting when updating archives with recovery record or quick open information. 19. Prompt is issued after creating 500 volumes from WinRAR GUI shell, so user can continue or quit further archiving. It is done to prevent creating many thousands of volumes in case of wrongly entered volume size. 20. WinRAR uses megabytes instead of bytes as default units for volume size field in the archiving dialog. 21. "Repair" command issues "Recovery record is corrupt" message after repairing RAR5 archive containing a broken recovery record. Previously such message was issued only by "Test" command and "Repair" handled most of recovery record damages silently. 22. Bugs fixed: a) fixed potential security issues when processing corrupt RAR archives; b) non-English characters in TAR files with PAX extended headers were not displayed correctly; c) "rar x arcname.rar .." command unpacked files to current folder instead of its parent; d) pasting files from Windows Explorer to archive opened in WinRAR blocked further copy and paste operations in Explorer until archiving was finished; e) SFX module issued "The specified password is incorrect" message infinitely not prompting for correct password once a wrong password was entered; f) folders time was always set when extracting ZIP archives even if "File time" options in the extraction dialog were turned off; g) if "Delete archive: Always" was selected when extracting and user pressed "Cancel" in the file overwrite or password prompt, an archive could be deleted even after cancelling extraction for .zip and .7z formats.
I just upgraded to the new version & it has changed it from registered version to evaluation version & wont accept my key, I only recently just bought it. Have emailed support.
No issue with my license, update worked fine and license recognised. Did you purchase directly from WinRAR website or from a third party? Are you sure the license key is still in the rar folder? may be you installed WinRAR somewhere else?
The license was bought directly on the winrar website in April. When I checked the folder I installed winrar the keyfile had vanished, extracted it for the key archive they sent me but still says evaluation. Even uninstalled it, rebooted & reinstalled it but still evaluation version.
According to support, I didn't purchase it through any special promotion, I bought it directly from them on their website & used a discount code to knock the price down a bit. Nowhere in any of the order & payment emails mentioned it was just for a specific version. I could understand a charge for a major version upgrade from 5.50 to 6.0 but not from 5.50 to 5.60. They want me to purchase a maintenance subscription that is just over £5 a year. I also thought the licences were lifetime as well.
Probably special promotion=discount code. And indeed there is a subscription mode aside from the lifetime but IMO does not make sense for private users, it's more for enteprises. Do you remember what was displayed in winrar on your license? Full name and single user label or something else?
It had my full name & 1 PC usage license. The discount code was just the standard discount code you enter during the the buying procedure. If I had known I would have had this hassle & also having to purchase a yearly maintenance sub ( I only got that as I just want this sorted out) makes me feel like they are taking me for a ride. AFAIK the licence was supposed to be lifetime.
WinRAR 5.61 beta 1 Released (September 3, 2018) Download Changelog Spoiler: Changelog v5.61 beta 1 Version 5.61 beta 1 1. "Delete archive" extraction option deletes all volumes even if user started extraction from non-first RAR volume, but first volume is present and all files are unpacked successfully. In such case previous versions ignored "Delete archive" even if WinRAR was able to locate the first volume and process the volume set from beginning. 2. Compression ratio bar is not displayed on "Archive" page of Explorer file properties for archives with encrypted file names. WinRAR cannot reliably calculate it for such archives without a password and previously it just displayed 0% here. 3. Bugs fixed: a) WinRAR displayed "The specified password is incorrect" message infinitely when attempting to open RAR5 archive with encrypted file names if wrong global password was set with Ctrl+P; b) memory management bug in the password dialog could lead to access to already freed memory followed by crash. This issue may be also associated with security risks; c) fixed a crash when processing corrupt RAR archives. This issue may be also associated with security risks; d) while starting, WinRAR could cause a brief flickering in menu bars of few other applications; e) WinRAR "Find" command matched "String to find" against all archived files ignoring "File names to find" mask when searching in CAB archives; f) SFX module "License" command did not set a title of license window; g) if "Start-up folder" in WinRAR settings included the trailing backslash, WinRAR ignored first "Up one level" command.
WinRAR 5.61 Released (October 1, 2018) Download Changelog Spoiler: Changelog v5.61 Version 5.61 1. "Delete archive" extraction option deletes all volumes even if user started extraction from non-first RAR volume, but first volume is present and all files are unpacked successfully. In such case previous versions ignored "Delete archive" even if WinRAR was able to locate the first volume and process the volume set from beginning. 2. Compression ratio bar is not displayed on "Archive" page of Explorer file properties for archives with encrypted file names. WinRAR cannot reliably calculate it for such archives without a password and previously it just displayed 0% here. 3. Bugs fixed: a) WinRAR displayed "The specified password is incorrect" message infinitely when attempting to open RAR5 archive with encrypted file names if wrong global password was set with Ctrl+P; b) memory management bug in the password dialog could lead to access to already freed memory followed by crash. This issue may be also associated with security risks; c) fixed a crash when processing corrupt RAR archives. This issue may be also associated with security risks; d) while starting, WinRAR could cause a brief flickering in menu bars of few other applications; e) WinRAR "Find" command matched "String to find" against all archived files ignoring "File names to find" mask when searching in CAB archives; f) SFX module "License" command did not set a title of license window; g) if "Start-up folder" in WinRAR settings included the trailing backslash, WinRAR ignored first "Up one level" command.