New CraftBukkit build available; fixes crash and security exploit

Discussion in 'Bukkit News' started by EvilSeph, Apr 13, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    EvilSeph

    A new CraftBukkit build (#677) is now available that contains fixes for a CRITICAL crash exploit (already present in build #674) and prevents malicious users from setting an invalid position which helps them bypass protections within the code.

    There should be no breaking changes in this build so anyone updating from #670 or #674 should have no problems. However, you should always be backing your server up before updating to be safe.

    Download CraftBukkit #677 here

    To keep up to date on our latest Recommended Builds we have an RSS feed you can subscribe to:
    http://ci.bukkit.org/other/latest_recommended.rss

    Thanks goes out to @Verrier for coding the RSS feed generator while luke has been busy!
     
  2. Offline

    jjkoletar

    So... bukkit can't hold infinity?
     
    robinjam and Olof Larsson like this.
  3. Offline

    L30TACO

    lets hope there's no breaking problem
     
  4. Is it a necessary update?
    cause I'm just making a map in multiplayer but I'm the only one with 2 friends. So could I just leave at #674?
     
  5. Offline

    klutch2013

    is there a tutorial on how to update bukkit without having to red-do all of my plugins?
     
  6. Offline

    EliteASH_11

    Yeah, you replace the old craftbukkit file with the new one.
     
  7. Offline

    OrtwinS

    If you come from cb670, simply replace your old snapshot with the new one.

    If you are coming from cb617, or even lower, you better check first what plugins require an update, make sure you download those .jars first. Than shut down your server and replace everything that needs replacing.

    Most plugins do not require you to redo all your settings, you don't have to delete your configuration files/folders. But if you have to, they tell you in the plugin thread, check the changelog.



    My ramble about Craftbook & updates:
    Show Spoiler

    Craftbukkit is has most of the basics done now (redmine progress says they are at 88% of the planned features of the preview release). This means that updates shouldn't break plugins as often anymore because there should be no need for them to mess with hooks & pointers of the basic functionality (or how these things are called in java).

    Of course things will become bumpy again everytime Notch changes MC itself, the Bukkit team will have to implement the new features, and that comes with new bugs.
    But even if Notch decides he wants to mess with the way how MC handles a 'block-break' event, the Bukkit team will redirect that event to the same Craftbukkit block-break hooks and the plugins that use that still continue to work.

    When the Craftbukkit permission system will be introduced I do expect every plugin out there to fail... but I also expect some smart programmer to introduce a 'permission-bridge' plugin that will link old permission plugins with the new system... like FakePermissions works for Groupmanager.


    Lol, writing that ramble took me so long you already answered the mans question. :D
     
  8. Offline

    Tazzernator

    Don't you love it when your personal projects become so large you need to implement security fixes?

    kudos bukkit! :)
     
  9. Offline

    Splendorr

    I really appreciate posts like this, and the addition of the Recommended Build feed on the front page. Whether my suggesting it a couple of weeks ago had any part in this decision or not, I want you to know that, yes, it has served as a very helpful indicator for when we should update.

    I think the Bukkit team is doing a great job and it shows that you're constantly learning and improving both the system and your interactions with the community. Thanks again for all your hard work.
     
  10. Offline

    sniperkillu

    nice thx !
     
  11. Offline

    klutch2013

    thanks both of you. thats what i thought you did but wasnt sure.
     
  12. Offline

    LucidLethargy

    I downloaded this yesterday a few hours after it came out, and it works great! Thank you for fixing some of the crash issues! This is the kind of stuff that I'd say ALL admins LOVE seeing. The more stable bukkit is, the easier our lives are! :D

    So far it's been doing quite well on my own server so long as I restart it every 2 hours (my isp informed me that bukkit and essentials have some memory leaks, however I have no idea how true this is with 677 - so this is why I restart it, to ensure things roll smoothly despite any potential leaks)

    Anyway, keep up the good work - I think Bukkit is finally starting (albeit very slowly) to become what it was originally envisioned to be! I really hope bukkit updating comes soon, however, as back with hmod I was using the updatr and absolutely loved how simple it was! Until then, it's not a huge big deal, but updating my 32 plugins during the minecraft updates (and along with those, the bukkit updates) is a good 4-6 hour job : /
     
  13. Offline

    Zenithas

    Hmm. Having a problem with Craftbukkit on a 1.4_01 server. CB 670 and 677 have both been causing players to spawn into random locations around the world - in completely different biomes. Thought it had been isolated to Nethrar, but it was a false positive. Closest I can think is how the CB startup in the CLI tells the world that it's for MC 1.4...
     
  14. Offline

    L30TACO

    will this support 1.5?
     
  15. Offline

    cjc343

    1.5 can't possibly be supported before it's released.
     
    Tazzernator likes this.
  16. Offline

    Niktomix

    The version is always git-Bukkit-0.0.0-653-g9992fff-b677jnks and not 677.
    now i'm always getting [INFO] Read timed out while trying to connect -.-
     
  17. Offline

    Evenprime

    that is build 677
     
  18. Offline

    melpomene

    Hi,

    I wanted to resume work on a past build, unfortunately it is not more available here
    https://github.com/Bukkit/Bukkit-MinecraftServer
    Namely, I was interested to retrieve a zipball from March 8th.
    Is there a way to get access to past archives?

    Thanks
     
  19. i updated to build #677 and I get this every time I try and log in. It won't ever let me log in. Any ideas?


    Code:
    2011-04-15 12:02:20 [INFO] tiemposinropa [/24.178.189.64:46569] logged in with entity id 157
    2011-04-15 12:02:20 [SEVERE] CraftPlayer{name=tiemposinropa} was caught trying to crash the server with an invalid pitch
    2011-04-15 12:02:22 [INFO] Freed 10.985221862792969 MB.
     
  20. Offline

    Climaxx

    Hello all, we are a fairly new minecraft server still in development phase. Currently bukkit build [677] has been having render issues when you first log in causing you to fall through the server repeatedly. After logging off and waiting then coming back on it fixed. Also when i log in it displayed me logging in twice. Niether of these are big issues or worth creating a new build, though i felt the need to report them because they might cause cause future problems. Will update if new things occur, thanks again for this amazing server wrapper -Climaxx.
     
  21. Offline

    EvilSeph

    The only change we made that would produce this issue is our check for NaN and I really don't see why your pitch would be NaN...

    We are unable to reproduce this issue. Please provide us with more information.
     
  22. Offline

    Verrier

    Just as an update, spent some time trouble shooting, it's related to getting a white screen during login on previous builds. This is a link to the solution incase anyone else has the same problem:
    http://forums.bukkit.org/threads/white-screen.13068/#post-216646
     
  23. Offline

    Zenithas

    I have attempted now to roll back the server to 1.4, and I've rolled back CB to build 670, without success. Essentially, regardless of whether players use a bed or not, they are spawned into varying locations up to a full week's (~140 minutes) travel away. This happens without any plugins loaded, simply using craftbukkit. I should note, removing craftbukkit (running as a vanilla 1.4 or 1.4_01 server) resolves this issue.

    No java errors nor warnings arise from this.

    Edit: After playing around with Nethrar, using that to intercept the spawn controls, I've now got it spawning into one location about 300 minutes travel from the original world spawn. Then, with a Runecraft portal, connected it back again.
     
  24. Offline

    malfth

    do i just replace craftbukkit.jar with craftbukkit-0.01snapshot.jar ? if yes then it just doesnt work for me. :(
     
  25. Offline

    Evenprime

    If your previous craftbukkit version was named craftbukkit.jar, then you'll have to rename the new craftbukkit-0.01snapshot.jar to craftbukkit.jar too.
     
  26. Offline

    Metalcat

    This come up in my cmd when I run the server after I updated it...
    "Can not find the path.
    Press any key to continue ..."
     
  27. Offline

    Plague

    looks you renamed it wrong
     
  28. Offline

    Metalcat

    Lol found the problem...
     
  29. Notch does not allow pre release to the servers (unfortunitly) thats why we had to go without bukkit for a few days and no pluggins for abt 3 more days... Nothch dont like us..... but main thing he could do was release the source to you bukkit team or canary or even vanilla....for i cant even find vanilla...
     
  30. Offline

    Climaxx

    This issue occured shortly after creating the server it seemed to be a render issue that fixed itself. So far the issues our server has been having is only when you connect to the server without waiting for a short period of time (1-6 minutes) such as blocks not breaking and blocks placed remove themselves then replace themselves. As i said earlier however they are not real big issues since you just have to simply wait for a short period of time. If you would like more information i can make an SQL log of the server and paste the information of the server

    Side note: no real issues have been found when working on the server, however will update if i find more information.
     
Thread Status:
Not open for further replies.

Share This Page