
SerializationIsBad
A Minecraft coremod aiming to patch serious security vulnerabilities found in many different mods
- Загрузки
- 479K
- Подписчики
- 40
- Обновлён
- 16 марта 2024 г.
- Лицензия
- MIT
Опубликован 30 июля 2023 г.
A few weeks ago, a very critical vulnerability allowing arbitrary remote code execution on clients and servers (and therefor even all connected clients on a server) was discovered in many Minecraft mods.
More details on the whole topic as well as a list of all currently known affected mods is available here
Ченджлог
1.5.2Релиз1.20.2, 1.20.3, 1.20.4 · 16 марта 2024 г.
Notable changes/fixes:
1.5Релиз1.19.4, 1.20, 1.20.1 · 29 августа 2023 г.
Notable changes/fixes:
- Fixed compatibility issues with newer Fabric versions
- Add support for patching of 3rd party
ObjectInputStreamimplementations - Cache remote config locally so it can be used as a fallback in case the remote config cannot be reached on startup
- The configuration directory is now configurable with the system property
serializationisbad.configdir
Full changelog: #76
1.4Релиз1.19.4, 1.20, 1.20.1 · 10 августа 2023 г.
Notable changes/fixes:
- Improved compatibility with Forge versions < 1.7 and Fabric servers
- Fixed classloading issues in ModLauncher environments
- Fixed classloading issues in Forge 1.7-1.12 versions when the agent is used
- Added config option to disable the use of the remote config
- Added patching support for
SerializationUtils.deserialize
Also includes contributions from @ThatGamerBlue and @ThePixelbrain, thank you!
Full changelog: #61
Комментарии
Загружаем…