Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix!: vulnerability issues #436

Merged
merged 2 commits into from
Jul 27, 2024
Merged

fix!: vulnerability issues #436

merged 2 commits into from
Jul 27, 2024

Commits on Jul 27, 2024

  1. fix: stop portal packets still being forwarded to the client

    Thanks to rooter.rs for notifying me of these issues :)
    
    Multiple people made me aware of this one, but they were the first :D
    
    For details see https://roote.rs/posts/advancedportals/
    sekwah41 committed Jul 27, 2024
    Configuration menu
    Copy the full SHA
    dab92a2 View commit details
    Browse the repository at this point in the history
  2. fix!: disable proxy detection to avoid vulnerabilities (see full comm…

    …it for more info)
    
    If you are using 1.12 or lower you are unaffected as the features causing this issue were not implemented back then.
    
    Thanks to rooter.rs for notifying me of these issues as well as helping code and test a fix for this.
    
    Velocity was unaffected by this issue if you had the plugin on the proxy though due to the likelihood that may not be the case I have decided to disable this for everyone by default
    
    If you are on bungee you will 100% want to update to this version right away.
    
    For a full writeup by roote.rs see https://roote.rs/posts/advancedportals/
    sekwah41 committed Jul 27, 2024
    Configuration menu
    Copy the full SHA
    d5e9098 View commit details
    Browse the repository at this point in the history