New CraftBukkit build now available; provides CRITICAL exploit fix.

Discussion in 'Bukkit News' started by EvilSeph, Apr 8, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    EvilSeph

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    A new CraftBukkit build (#670) is now available that fixes a CRITICAL exploit that allows people to easily take down your server.

    Please note: plugin names are now set based on the "name:" field in the plugin.yml, not the jar name anymore. This change MAY BREAK SOME PLUGINS. However, it should be easy to address.

    Download CraftBukkit #670 here

    Also, CI is back up. Sorry for the inconvenience caused!
  2. Offline

    Johnny Lunder

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Wow, just wow.
    First reply is a user that didn't bother read the entire post on 6 lines!
    EDIT : And keep up the awesome work, Bukkiteers ^^
  3. Offline

    Warboy

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    might i question the wisdom of putting this on your front page?
  4. Offline

    mixxit

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    forces admins to act?
  5. Offline

    Dominick

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    I am a little interested in how exactly did they crash these servers?
  6. Offline

    LucidLethargy

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    I must agree with this sentiment... plugin authors wont have their plugins fixed for this instantly, so 90% of the servers out there (or more) will be unable to update for at least a day (most likely 3+) while those who may have an issue with our server or person have time to research and utilize such an exploit maliciously.

    We're in a bit of situation : /
  7. Offline

    Jonathan Danek

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    where is the plugins.yml located i cant find it?
  8. Offline

    unenergizer

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    BUKKIT THANK YOU <3 (NO HOMO)
  9. Offline

    EvilSeph

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    The plugin developers have been made WELL aware of the possible breakage a few weeks in advance and should be well prepared. You shouldn't see a huge downtime, if any as a result. Also, the issue doesn't apply to the majority of plugins.
  10. Offline

    Nate204

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Thank You Bukkit Team!
  11. Offline

    Evenprime

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    All the "bad guys" are watching the bukkit project on github anyway and therefore knew about the bug and how to exploit it the very moment it was fixed (if they didn't know before).

    Not putting this on the frontpage would've only prevented the "good guys" from understanding the severity of this bug, and based on the behaviour of people during the 1.4 update (asking "when will there be a 1.4 bukkit version?" three days after that version was already available) I'd say you can't be enough "in your face" with such things to really get the information across.
    Roujo, Qanthelas and Tazzernator like this.
  12. Offline

    sambhur96

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    I must go Home and upgrade:)
  13. Offline

    but2002

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    I upgraded without much issue. Convenient that it renamed a folder because the Jar name was different. <3
  14. Offline

    Color42

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Same here updated without issues, only had to change BorderGuard for WorldBorder no biggie and we run 30+ plugins
  15. Offline

    surtic

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    grate job @bukkit team.... thanks
  16. Offline

    freakboy31

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Nice job, Hmm... plugin:name means I can make other plugins optional? kk, I will rath-*epic silence*
  17. Offline

    Aholic

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    14MB file size, what the hell? *g* #617 was like 8 Megabyte.

    Nice Job! :)
  18. Offline

    Nathan C

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    556 have this "exploit"?
  19. Offline

    Evenprime

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    yes, afaik every older version has it.
  20. Offline

    mitchrules66

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    I updated but now my server cant bind port anymore!
  21. Offline

    mitchrules66

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    i can join my server even though it cant bind port...not sure if others can join though
  22. Offline

    Zendal

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    It doesn't work for me :( . Crafbukkit 670 with no plugins.


    Code:
     >
     10:24:51 [INFO] This server is running Craftbukkit version git-Bukkit-0.0.0-646-gb61ef8c-b670jnks (MC: 1.4)
     >
     10:24:51 [GRAVE] java.lang.NullPointerException
     >
     10:24:51 [GRAVE]     at java.io.FileInputStream.<init>(Unknown Source)
     >
     10:24:51 [GRAVE]     at org.bukkit.util.config.Configuration.load(Configuration.java:72)
     >
     10:24:51 [GRAVE]     at org.bukkit.craftbukkit.CraftServer.<init>(CraftServer.java:64)
     >
     10:24:51 [GRAVE]     at net.minecraft.server.ServerConfigurationManager.<init>(ServerConfigurationManager.java:49)
     >
     10:24:51 [GRAVE]     at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:126)
     >
     10:24:51 [GRAVE]     at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:257)
     >
     10:24:51 [GRAVE]     at net.minecraft.server.ThreadServerApplication.run(SourceFile:375)
     >
     10:24:51 [GRAVE] Unexpected exception
    java.lang.NullPointerException
        at java.io.FileInputStream.<init>(Unknown Source)
        at org.bukkit.util.config.Configuration.load(Configuration.java:72)
        at org.bukkit.craftbukkit.CraftServer.<init>(CraftServer.java:64)
        at net.minecraft.server.ServerConfigurationManager.<init>(ServerConfigurationManager.java:49)
        at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:126)
        at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:257)
        at net.minecraft.server.ThreadServerApplication.run(SourceFile:375)
     >
  23. Offline

    Don Redhorse

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    any other big PULLs outstanding? just finished configuring my server to finally make the passage from hmod and I know that there where some chunk / teleportation / world issues discussed which should become fixed..

    so I wonder if I wait till those bugfixes are integrated... on the other side 617 to 670 is a big jump.

    BTW: would it be possible to post again a changelog of the changes for ADMINS to see what has changed.. most of us are not really able to understand all the stuff happing in the background..

    I know that sometimes changelogs where posted, so it would just mean to make that a constant process... at least for the RB's.
  24. Offline

    NordicBlue

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    https://github.com/Bukkit/CraftBukkit/commits/master
    There is your changelog :D
  25. Offline

    Don Redhorse

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    thanks.. but what are the changes between rb 617 and rb 670? :)

    I know a lot more than the average admin.. but if you look at how many threads we got because of the 1.4 update this list is really not for the average admin
  26. Offline

    Racha

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    What was the bug to take down server, if it is not a secret :p :) ?
  27. Offline

    Steve Cole

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    not for everyone, it renamed the folder but the plugin just recreated a folder with the old name and wanted to use that folder. luckily i could fix it myself and not wait for a update.
    also had to fix a plugin that uses illegal characters in its name.
  28. Offline

    but2002

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    Yeah, I remember seeing that plugins namespace became more restricted, but it is for the better.

    Remember, bukkit is not a final product yet, and it's still considered "beta" I believe.. that or alpha.. I don't remember.. It's just an incomplete product, expect this. :D
  29. Offline

    Teaboy002

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    HOW DO I CHANG MY IP ADRESS?????? MAIL BACK SOON!!!!!!
  30. Offline

    Paul_VB

    dev.bukkit.org profile:
    CFUSERNAME
    My Plugins (CFCOUNT)
    Minecraft account:
    MCUSERNAME
    i have a question
    is 670 a stable, recomended build?

    btw exellent work on everything bukkit team! :p
    600,000 thumbs up!
Thread Status:
Not open for further replies.

Share This Page