VaultSort 2.9.7
Securitysecure-delete
Hardened secure delete for folders β fixes catalog name leakage, subfolder skipping, symlink traversal, and silent partial failures.
What's New
- Secure delete now obfuscates folder names with 5 random renames before unlinking, preventing recovery tools from reading original directory names out of HFS+/APFS catalog tombstones.
- Secure delete now fully recurses into subdirectories, applying overwrite passes, decoy/timestamp obfuscation, rename, and unlink to every nested level.
Bug Fixes
- Fixed folder contents surviving enhanced delete: subdirectories were silently skipped during secure overwrite, leaving nested files recoverable with their original names intact.
- Fixed original folder name persisting in the volume catalog after enhanced delete β the directory was being unlinked under its real name instead of an obfuscated one.
- Fixed symlink traversal vulnerability: a symlink inside a deleted folder pointing outside its scope (e.g.,
/,~/Documents) could cause recursive overwrite + unlink of unrelated files. Symlinks are now detected via lstat and only the link node itself is removed. - Fixed silent partial failures in secure delete: child entries that couldn't be securely overwritten (permissions, immutable flag, file in use) were quietly plaintext-unlinked when the parent directory was removed. Failures now abort before parent removal, leaving the folder on disk for the user to resolve and retry.
- Fixed minimatch import for watch manager glob matching (minimatch v9+ named export).