Even more, there are regularly security vulnerabilities patched in releases that don't get CVEs and don't get any mention in patch notes, there are no incremental commits between releases, just giant code dumps. There's no changelog linked on the 7-zip.org website. There's no auto-update or update check mechanism, which is problematic for a project with regular CVEs whose primary purpose is handling untrusted inputs.

7-zip is not a serious project and its use should be strongly discourged.