New CraftBukkit build now available; provides CRITICAL exploit fix.

Discussion in 'Bukkit News' started by EvilSeph, Apr 7, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    EvilSeph

    A new CraftBukkit build (#670) is now available that fixes a CRITICAL exploit that allows people to easily take down your server.

    Please note: plugin names are now set based on the "name:" field in the plugin.yml, not the jar name anymore. This change MAY BREAK SOME PLUGINS. However, it should be easy to address.

    Download CraftBukkit #670 here

    Also, CI is back up. Sorry for the inconvenience caused!
     
  2. Offline

    Johnny Lunder

    Wow, just wow.
    First reply is a user that didn't bother to read the entire post of 6 lines!
    EDIT : And keep up the awesome work, Bukkiteers ^^
     
  3. Offline

    Warboy

    Might I question the wisdom of putting this on your front page?
     
  4. Offline

    mixxit

    forces admins to act?
     
  5. Offline

    Dominick

    I am a little interested in how exactly they crashed these servers?
     
  6. Offline

    LucidLethargy

    I must agree with this sentiment... plugin authors won't have their plugins fixed for this instantly, so 90% of the servers out there (or more) will be unable to update for at least a day (most likely 3+) while those who may have an issue with our server or person have time to research and utilize such an exploit maliciously.

    We're in a bit of a situation : /
     
  7. Offline

    Jonathan Danek

    Where is the plugins.yml located? I can't find it.
     
  8. Offline

    unenergizer

    BUKKIT THANK YOU <3 (NO HOMO)
     
  9. Offline

    EvilSeph

    The plugin developers have been made WELL aware of the possible breakage a few weeks in advance and should be well prepared. You shouldn't see a huge downtime, if any as a result. Also, the issue doesn't apply to the majority of plugins.
     
  10. Offline

    Nate204

    Thank You Bukkit Team!
     
  11. Offline

    Evenprime

    All the "bad guys" are watching the bukkit project on github anyway and therefore knew about the bug and how to exploit it the very moment it was fixed (if they didn't know before).

    Not putting this on the frontpage would've only prevented the "good guys" from understanding the severity of this bug, and based on the behaviour of people during the 1.4 update (asking "when will there be a 1.4 bukkit version?" three days after that version was already available) I'd say you can't be enough "in your face" with such things to really get the information across.
     
  12. Offline

    sambhur96

    I must go Home and upgrade:)
     
  13. Offline

    but2002

    I upgraded without much issue. Convenient that it renamed a folder because the Jar name was different. <3
     
  14. Offline

    Color42

    Same here, updated without issues, only had to change BorderGuard for WorldBorder, no biggie, and we run 30+ plugins.
     
  15. Offline

    surtic

    Great job @bukkit team.... thanks
     
  16. Offline

    freakboy31

    Nice job, Hmm... plugin:name means I can make other plugins optional? kk, I will rath-*epic silence*
     
  17. Offline

    Aholic

    14MB file size, what the hell? *g* #617 was like 8 Megabyte.

    Nice Job! :)
     
  18. Offline

    Nathan C

    556 have this "exploit"?
     
  19. Offline

    Evenprime

    yes, afaik every older version has it.
     
  20. Offline

    mitchrules66

    I updated but now my server can't bind port anymore!

    I can join my server even though it can't bind port... not sure if others can join though

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 13, 2016
  21. Offline

    Zendal

    It doesn't work for me :( . CraftBukkit 670 with no plugins.


    Code:
    10:24:51 [INFO] This server is running Craftbukkit version git-Bukkit-0.0.0-646-gb61ef8c-b670jnks (MC: 1.4)
    10:24:51 [GRAVE] java.lang.NullPointerException
    10:24:51 [GRAVE]     at java.io.FileInputStream.<init>(Unknown Source)
    10:24:51 [GRAVE]     at org.bukkit.util.config.Configuration.load(Configuration.java:72)
    10:24:51 [GRAVE]     at org.bukkit.craftbukkit.CraftServer.<init>(CraftServer.java:64)
    10:24:51 [GRAVE]     at net.minecraft.server.ServerConfigurationManager.<init>(ServerConfigurationManager.java:49)
    10:24:51 [GRAVE]     at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:126)
    10:24:51 [GRAVE]     at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:257)
    10:24:51 [GRAVE]     at net.minecraft.server.ThreadServerApplication.run(SourceFile:375)
    10:24:51 [GRAVE] Unexpected exception
    java.lang.NullPointerException
        at java.io.FileInputStream.<init>(Unknown Source)
        at org.bukkit.util.config.Configuration.load(Configuration.java:72)
        at org.bukkit.craftbukkit.CraftServer.<init>(CraftServer.java:64)
        at net.minecraft.server.ServerConfigurationManager.<init>(ServerConfigurationManager.java:49)
        at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:126)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:257)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:375)
     
  22. Offline

    Don Redhorse

    Any other big PULLs outstanding? Just finished configuring my server to finally make the passage from hmod and I know that there were some chunk / teleportation / world issues discussed which should become fixed..

    so I wonder if I wait till those bugfixes are integrated... on the other side 617 to 670 is a big jump.

    BTW: would it be possible to post again a changelog of the changes for ADMINS to see what has changed.. most of us are not really able to understand all the stuff happening in the background..

    I know that sometimes changelogs were posted, so it would just mean to make that a constant process... at least for the RB's.
     
  23. Offline

    NordicBlue

    https://github.com/Bukkit/CraftBukkit/commits/master
    There is your changelog :D
     
  24. Offline

    Don Redhorse

    thanks.. but what are the changes between rb 617 and rb 670? :)

    I know a lot more than the average admin.. but if you look at how many threads we got because of the 1.4 update this list is really not for the average admin
     
  25. Offline

    Racha

    What was the bug to take down server, if it is not a secret :p :) ?
     
  26. Offline

    Steve Cole

    Not for everyone, it renamed the folder but the plugin just recreated a folder with the old name and wanted to use that folder. Luckily I could fix it myself and not wait for an update.
    Also had to fix a plugin that uses illegal characters in its name.
     
  27. Offline

    but2002

    Yeah, I remember seeing that plugins namespace became more restricted, but it is for the better.

    Remember, bukkit is not a final product yet, and it's still considered "beta" I believe.. that or alpha.. I don't remember.. It's just an incomplete product, expect this. :D
     
  28. Offline

    Teaboy002

    HOW DO I CHANGE MY IP ADDRESS?????? MAIL BACK SOON!!!!!!
     
  29. Offline

    Paul_VB

    I have a question:
    is 670 a stable, recommended build?

    btw excellent work on everything bukkit team! :p
    600,000 thumbs up!
     
  30. Offline

    MG127

    I have this in the server.prop:
    natural-animals=
    spawn-animals=true

    to allow /spawnmob and no natural spawns, but they spawn like normal
    (also ghasts in nether ... I prevented them from spawning with worldguard, but it's broken)
     