Перейти к содержимому
Mineforgian

SerializationIsBad

A Minecraft coremod aiming to patch serious security vulnerabilities found in many different mods

Загрузки
479K
Подписчики
40
Обновлён
16 марта 2024 г.
Лицензия
MIT

Опубликован 30 июля 2023 г.

A few weeks ago, a very critical vulnerability allowing arbitrary remote code execution on clients and servers (and therefor even all connected clients on a server) was discovered in many Minecraft mods.

More details on the whole topic as well as a list of all currently known affected mods is available here

Ченджлог

1.5.2Релиз1.20.2, 1.20.3, 1.20.4 · 16 марта 2024 г.
1.5Релиз1.19.4, 1.20, 1.20.1 · 29 августа 2023 г.

Notable changes/fixes:

  • Fixed compatibility issues with newer Fabric versions
  • Add support for patching of 3rd party ObjectInputStream implementations
  • Cache remote config locally so it can be used as a fallback in case the remote config cannot be reached on startup
  • The configuration directory is now configurable with the system property serializationisbad.configdir

Full changelog: #76

1.4Релиз1.19.4, 1.20, 1.20.1 · 10 августа 2023 г.

Notable changes/fixes:

  • Improved compatibility with Forge versions < 1.7 and Fabric servers
  • Fixed classloading issues in ModLauncher environments
  • Fixed classloading issues in Forge 1.7-1.12 versions when the agent is used
  • Added config option to disable the use of the remote config
  • Added patching support for SerializationUtils.deserialize

Also includes contributions from @ThatGamerBlue and @ThePixelbrain, thank you!

Full changelog: #61

Комментарии

Загружаем…