This announcement is mostly for the developers in our community as it provides an explanation for why we have been seeing little to no activity with the project and why pull requests have not been handled within a reasonable amount of time.
As most of you may or may not know, we have been under a code freeze for the last two months or so to focus on improving the level of performance people were seeing from our product. Believe me when I say it's highly unlikely anyone is as frustrated as we are that we've been unable to move as quickly as we have wanted. I've had the team on my back every single day wanting me to lift the code freeze so we can continue coding to our hearts' content and I've been eager to get some commits in of my own or pull some PRs that have really garnered my interest.
Unfortunately, for the benefit of the project I had to stop all development and focus all of our resources and efforts on addressing some critical issues we were noticing through...
A new CraftBukkit Recommended Build (1.2.5-R4.0) that provides Minecraft 1.2.5 compatibility and fixes issues in CraftBukkit 1.2.5-R3.0 and earlier is now available. As this RB contains a critical dupe exploit fix, upgrading is highly recommended.
Will plugins break with this build?
Provided the developers of the plugins you are using are keeping up with the development of Bukkit, all your plugins should work fine.
This Recommended Build includes an upgrade to the jLine we use in Bukkit. As a result, Windows servers need the Visual C++ 2008 redistributable if you want to be able to see text formatting in your console (or use -nojline to disable jLine if you don't want to).
Unlike a previous Recommended Build (1.2.5-R2.0), this new RB does not need anything special like ANSICON.
For more detailed information on what is contained in this...
On Monday morning at 8:00 UTC our server hosting dl.bukkit.org will be going down for an OS upgrade that is expected to take roughly 2 hours to complete. As a result our download site will be offline until this maintenance is completed.
We'll be providing mirrors for the duration of the downtime so you'll be able to download our builds and releases without issue.
A couple weeks ago many of you brought up an issue regarding the loss of formatting options on BukkitDev, our Minecraft plugins download service powered by CurseForge. After further investigation, it turns out several formats were disabled due to the security risk they posed to the site - a severe XSS vulnerability was discovered in the Markdown parser as well as a potential security risk in the Safe HTML parser.
As a security precaution the affected parsers were disabled from further usage and new projects were forced to use a more secure alternative. Unfortunately, due to a bug in the system, every project was accidentally set to the WikiCreole format and developers found themselves unable to switch their projects back to the formatting they previously used. This was a bug and completely unintended.
Having conducted an extensive investigation into the vulnerabilities we discovered and concluding that we have addressed them accordingly, I'm happy to announce that Safe HTML is...