Bukkit Forums

Oct
26
by Kaelten at 9:42 PM
(19,083 Views / 0 Likes)
90 Comments
Tonight we've been made aware of a decompiler vulnerability that allows people to effectively hide sections of code. This has been reported to both Procyon and Luyten. This may also affect other decompilers.

Unfortunately due to this we will be not be processing new files until a fixed or replacement decompiler can be found.

As of right now there is no known malicious code on DBO. However, due to the nature of this decompiler shortcoming we are unable to know conclusively.

A big thanks to korikisulda for bringing this to our attention.

Edit by Zeldo:
Korikisulda has posted a much more detailed post about how this works for those that are wondering. You can find it here:...
Oct
21
by Jadedcat at 4:50 PM
(18,750 Views / 0 Likes)
87 Comments
Recently a plugin named Magix was uploaded to the site. This plugin had an exploit in it wherein an image file was used to add extra javascript beyond the code in the plugin itself. That could allow for arbitrary opping on a server. Multiple reviews of the project by our staff failed to catch it, and for that mistake we're very sorry.

We have adapted our review process to look for this kind of exploit in the future. Unfortunately no matter how well we review plugins people will try and find new creative ways to add malicious content.

The plugin has been removed and the author banned.

If you downloaded and are using Magix, please remove it from your server.

Again we apologize for missing the exploit when checking the code.
Sep
26
by Jadedcat at 8:35 AM
(28,611 Views / 10 Likes)
66 Comments
There are any number of licenses you can pick for a plugin. GPL amongst others allows other people to copy and redistribute your code under certain conditions. Most noticeably the requirement that any fork also be GPL. Other open source licenses have other requirements.

If you pick the GPL license or any other open source license for your plugin and someone clones your plugin it is not a copyright violation as long as they follow the requirements.

As it pertains to plugins uploaded to BukkitDev or Curse, things are slightly different.

We feel the spirit of open source licenses is to allow for continuing an abandoned project, or forking and creating a new project based on the original. The purpose is not to allow anyone and everyone to create a straight 1-1 clone of actively developed plugins.

On BukkitDev we will decline to host simple clones of existing plugins, regardless of licensing legalities. If you are aware of a straight 1-1 clone of an existing plugin please...
Sep
25
by Kaelten at 2:07 PM
(52,035 Views / 0 Likes)
139 Comments
Hi Everyone, my name is Kaelten.

Not many of you know me. I've been an admin on the Forum for several years, but until recently I've been inactive. I am also a Curse staff member, and the project lead over CurseForge.

Everyone knows there's been a lot of changes and shakeups in the community over the last several weeks. These together have left a feeling of unease with many users.

Let me start by saying that Bukkit.org and Bukkit Dev will stay online for the foreseeable future.

The future of CraftBukkit distribution lies squarely (or with Minecraft is it blockly?) with Wolvereness and Mojang. As things stand right now CraftBukkit will not be available from dl.bukkit.org.

Staffing Changes

With all the changes most of the staff for Bukkit.org have stepped down. Many of the former staff posted farewells. To archive these in perpetuity we've created a forum dedicated to staff member farewells and...