Перейти к содержимому
Mineforgian

SerializationIsBad

A Minecraft coremod aiming to patch serious security vulnerabilities found in many different mods

479K загрузок40 подписчиковMITforge

Обновлён 16 марта 2024 г. · опубликован 30 июля 2023 г.

A few weeks ago, a very critical vulnerability allowing arbitrary remote code execution on clients and servers (and therefor even all connected clients on a server) was discovered in many Minecraft mods.

More details on the whole topic as well as a list of all currently known affected mods is available here

Версии

ВерсияКаналИграЗагрузчикиДатаСкачать
1.5.2Релиз1.20.1, 1.20.2, 1.20.3, 1.20.4forge16 марта 2024 г..jar (499 КБ)
1.5Релиз1.19.3, 1.19.4, 1.20, 1.20.1forge29 августа 2023 г..jar (499 КБ)
1.4Релиз1.19.3, 1.19.4, 1.20, 1.20.1forge10 августа 2023 г..jar (497 КБ)
1.3Релиз1.19.3, 1.19.4, 1.20, 1.20.1forge30 июля 2023 г..jar (26 КБ)

Ченджлог

1.5.2Релиз1.20.2, 1.20.3, 1.20.4 · 16 марта 2024 г.
1.5Релиз1.19.4, 1.20, 1.20.1 · 29 августа 2023 г.

Notable changes/fixes:

  • Fixed compatibility issues with newer Fabric versions
  • Add support for patching of 3rd party ObjectInputStream implementations
  • Cache remote config locally so it can be used as a fallback in case the remote config cannot be reached on startup
  • The configuration directory is now configurable with the system property serializationisbad.configdir

Full changelog: #76

1.4Релиз1.19.4, 1.20, 1.20.1 · 10 августа 2023 г.

Notable changes/fixes:

  • Improved compatibility with Forge versions < 1.7 and Fabric servers
  • Fixed classloading issues in ModLauncher environments
  • Fixed classloading issues in Forge 1.7-1.12 versions when the agent is used
  • Added config option to disable the use of the remote config
  • Added patching support for SerializationUtils.deserialize

Also includes contributions from @ThatGamerBlue and @ThePixelbrain, thank you!

Full changelog: #61

Полная история изменений — на Modrinth.

Комментарии

Загружаем…