1. A heap overflow vulnerability is fixed in the RAR5 recovery volume
data reconstruction code. It affects WinRAR, RAR and UnRAR.
The UnRAR.dll library doesn't include recovery volume processing,
so it is not affected.
We are thankful to Arjun Basnet from Securin Labs for letting us know
about this security issue.
2. A symbolic link pointing outside of the destination folder could be
created even without the -ola switch when extracting a specially crafted
RAR archive with WinRAR, RAR, UnRAR or the UnRAR.dll library.
A further check in the extraction code prevents placing files into such
a folder even in case of multiple extraction commands, excluding the
possibility of a path traversal attack for WinRAR, RAR or UnRAR based
extraction. It limits the potential threat to a case where another tool
uses this symbolic link to store files.
We are thankful to scofaild23-bnomran for letting us know about this
security issue.
3. The 7zxa.dll 7z extraction library is updated to version 26.02 to
include bug and vulnerability fixes by the library developer.
4. The -iver switch prints the RAR version even if -idc is specified
on the command line, in the configuration file or in the RARINISWITCHES
environment variable. Previously -idc blocked the -iver action.
Also, a new line character is added to the -iver output.
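Regarding item 2: since the remaining risk is another tool writing through a leftover link, a destination folder can be audited for symbolic links that resolve outside of it. The Python code below is an added example, not code from RAR or WinRAR; the function names and the sample tree are constructed for illustration, and it assumes a POSIX file system.

```python
import os
import tempfile


def find_escaping_symlinks(dest_root):
    """Return sorted relative paths of symlinks that resolve outside dest_root."""
    root = os.path.realpath(dest_root)
    escaping = []
    # followlinks=False: never descend through a link while auditing.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves link chains and ".." components,
            # and also works for dangling links.
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) != root:
                escaping.append(os.path.relpath(path, root))
    return sorted(escaping)


def build_sample_tree(base):
    """Constructed sample: an extraction folder with safe and unsafe links."""
    dest = os.path.join(base, "dest")
    os.makedirs(os.path.join(dest, "docs"))
    os.makedirs(os.path.join(base, "outside"))
    with open(os.path.join(dest, "docs", "a.txt"), "w") as f:
        f.write("data")
    # Safe: relative link that stays inside dest.
    os.symlink("docs/a.txt", os.path.join(dest, "inside_link"))
    # Unsafe: relative link that climbs out of dest.
    os.symlink("../outside", os.path.join(dest, "up_link"))
    # Unsafe: absolute link to a folder outside dest.
    os.symlink(os.path.join(base, "outside"), os.path.join(dest, "docs", "abs_link"))
    # Unsafe: chain, link -> link -> outside.
    os.symlink("up_link", os.path.join(dest, "chain_link"))
    return dest


def demo():
    with tempfile.TemporaryDirectory() as base:
        return find_escaping_symlinks(build_sample_tree(base))


if __name__ == "__main__":
    for link in demo():
        print("symlink escapes destination:", link)
```

Links reported by the audit should be removed or reviewed before any other tool is allowed to write into the folder.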