I’ve built a candidate fix for the RNCryptor HMAC vulnerability. It’s on a branch (issue44) currently, but I’ll merge it to master next week if no one sees problems, and update the docs. By default it is incompatible with v1 files. If you need to be able to decrypt v1 files, you can define RNCRYPTOR_ALLOW_V1_BAD_HMAC when building.
Please let me know if anyone encounters issues.