
Timeline with a sane date format:

2017-12-29 - Discovery

2017-12-29 - Report

2017-12-29 - MITRE assigned CVE-2017-17969

2018-01-10 - Patched version 7-Zip 18.00 released




7-Zip 18.00 is not really "released" at this time.

18.00 is marked as "beta" on the official website, and 16.04 is still at the top of the list. An average person trying to download 7-Zip right now will most likely choose the vulnerable version.

Beta versions of 7-Zip frequently stay in that status for months, if not years. Between 9.20 and 15.12, 7-Zip produced nothing but beta versions for 5 years. I understand the project moves slowly, but this is not a release model that facilitates quick dissemination of important security patches.


> Between 9.20 and 15.12, 7-Zip produced nothing but beta versions for 5 years.

That's not all that surprising. The software was 10 years old when v9 came out and the major version number is just the year of release. There aren't 5 major releases that never got out of beta. The major version numbers in 7-Zip are misleading this way because the author doesn't really conform to standard conventions. Of course, that is pretty obvious once you use the software for a while. It still doesn't properly support UAC.


Yes, the way 7-Zip releases are done is not ideal and the versioning scheme is just weird. I wish he would make his versioning clearer.


Thanks for pointing this out. I just fixed it.



