🇨🇳 中文更新日志

🚀 新增功能

新增 Echo 回显支持：集成了多种新的 Echo 利用方式 @ReaJason
高版本 JDK 支持：新增多个支持 JDK 17+ 的利用链（Gadget 名称后缀带有 HighJDK 或 HighVersion） @n1ght (https://www.n1ght.cn/)
内嵌 JDK 支持：支持发布包内嵌 JDK 环境，开箱即用。
Payload 生成扩展：
- 新增 FakeMySQLPipeFile 生成功能 @unam4
- 新增 JSF 加密 Payload 生成功能 @B0T1eR
- 新增 FileUpload1 上传利用链 @B0T1eR
- 新增 Hutool MapProxy 二次反序列化利用 @unam4
- 新增 FastjsonPostgreSQLJdbc 利用链 @xcxmiku
- 支持生成 Tomcat-DocBase 所需字节码（可通过 Fastjson 触发） @xcxmiku
- 新增 XsltOnlyJdk2（使用 HashMap 包装 SwingLazyValue，适配 JNDI2Hessian OnlyJDK 字节码加载） @unam4
环境探测：新增 javax_servlet 与 jakarta_servlet 环境探测功能 @B0T1eR
SpringBeanXmlClassLoader：提供多种 Base64 解码选项 @xcxmiku

JRMPListener 增强：优化了 JRMP 监听器，防止泄漏本地 Lib 库信息，提高安全性 @unam4
依赖区分：明确区分了 MchangeC3p0Reference (com.mchange:c3p0) 与 C3p0_C3p0Reference (c3p0:c3p0) 两种依赖，避免混淆。
UI 体验：优化了前端登录界面的 UI 设计。
操作系统探测优化：改为使用 java.io.UnixFileSystem 和 java.io.WinNTFileSystem，不受 JDK 模块化影响 @xcxmiku
FakeMySQLPipeFile 增强：支持自定义连接用户名 @unam4
Hessian 协议支持：
- 加入 HessianServlet 时的 Hessian 协议头 @unam4
- 兼容 JNDI 到 Hessian 的协议头，以及 Hessian 强制报错触发点（toString）的 Payload 生成 @unam4
类加载优化：去掉 LazyValueWithUrIClassLoader 过期标记，解决 MethodInvokingFactoryBean 在某些 Hessian 版本不可用导致加载 JAR 失败的问题 @unam4

New Echo Modules: Added multiple Echo chains/gadgets. Contributed by @ReaJason.
High JDK Support: Added support for multiple gadgets compatible with JDK 17+ (identified by HighJDK or HighVersion suffix). Contributed by @n1ght (https://www.n1ght.cn/).
Embedded JDK: Support for bundled JDK in the release, allowing out-of-the-box usage.
Payload Generation:
- Added FakeMySQLPipeFile generation. Contributed by @unam4.
- Added JSF encrypted Payload generation. Contributed by @B0T1eR.
- Added FileUpload1 gadget. Contributed by @B0T1eR.
- Added Hutool MapProxy secondary deserialization gadget. Contributed by @unam4.
- Added FastjsonPostgreSQLJdbc gadget. Contributed by @xcxmiku.
- Added support for generating bytecode required for Tomcat-DocBase (triggerable via Fastjson). Contributed by @xcxmiku.
- Added XsltOnlyJdk2 (wraps SwingLazyValue with HashMap to adapt to JNDI2Hessian OnlyJDK bytecode loading). Contributed by @unam4.
Environment Detection: Added detection for javax_servlet and jakarta_servlet. Contributed by @B0T1eR.
SpringBeanXmlClassLoader: Added multiple Base64 decoding options. Contributed by @xcxmiku.

JRMPListener Optimization: Improved JRMPListener to prevent leaking local library information. Contributed by @unam4.
Dependency Clarification: Clearly distinguished between MchangeC3p0Reference (com.mchange:c3p0) and C3p0_C3p0Reference (c3p0:c3p0).
UI Update: Optimized the frontend login user interface.
OS Detection Update: Switched to java.io.UnixFileSystem / java.io.WinNTFileSystem to bypass JDK modularization restrictions. Contributed by @xcxmiku.
FakeMySQLPipeFile Update: Added support for custom connection usernames. Contributed by @unam4.
Hessian Support:
- Added Hessian protocol header when using HessianServlet. Contributed by @unam4.
- Added compatibility for JNDI -> Hessian protocol headers, and payload generation for Hessian forced error triggers (via toString). Contributed by @unam4.
Class Loading Optimization: Removed deprecated status for LazyValueWithUrIClassLoader to resolve JAR loading failures caused by MethodInvokingFactoryBean unavailability in certain Hessian versions. Contributed by @unam4.

Fixed an issue causing port conflicts.
Fixed an issue triggering the Security Manager on Windows environments.
Fixed Hessian Utf8OverlongEncoding error. Contributed by @xcxmiku.
Fixed protocol header conflict between HessianServlet and JNDI2Hessian. Contributed by @unam4.

Special thanks to the following users for reporting bugs and helping improve the project:
@Catherines77 @1diot9 @yuxianzi @Skay @jlkl @Ckmount @4ra1n @springkill