New CraftBukkit build now available; provides CRITICAL exploit fix.

Discussion in 'Bukkit News' started by EvilSeph, Apr 7, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    A new CraftBukkit build (#670) is now available that fixes a CRITICAL exploit that allows people to easily take down your server.

    Please note: plugin names are now set based on the "name:" field in the plugin.yml, not the jar name anymore. This change MAY BREAK SOME PLUGINS. However, it should be easy to address.

    Download CraftBukkit #670 here

    Also, CI is back up. Sorry for the inconvenience caused!
  2. Offline

    Johnny Lunder

    Wow, just wow.
    First reply is a user that didn't bother to read the entire post of 6 lines!
    EDIT : And keep up the awesome work, Bukkiteers ^^
  3. Offline


    Might I question the wisdom of putting this on your front page?
  4. Offline


    Forces admins to act?
  5. Offline


    I am a little interested in how exactly they crashed these servers.
  6. Offline


    I must agree with this sentiment... plugin authors won't have their plugins fixed for this instantly, so 90% of the servers out there (or more) will be unable to update for at least a day (most likely 3+) while those who may have an issue with our server or person have time to research and utilize such an exploit maliciously.

    We're in a bit of a situation :/
  7. Offline

    Jonathan Danek

    Where is the plugins.yml located? I can't find it.
  9. Offline


    The plugin developers have been made WELL aware of the possible breakage a few weeks in advance and should be well prepared. You shouldn't see a huge downtime, if any, as a result. Also, the issue doesn't apply to the majority of plugins.
  10. Offline


    Thank You Bukkit Team!
  11. Offline


    All the "bad guys" are watching the bukkit project on github anyway and therefore knew about the bug and how to exploit it the very moment it was fixed (if they didn't know before).

    Not putting this on the frontpage would've only prevented the "good guys" from understanding the severity of this bug, and based on the behaviour of people during the 1.4 update (asking "when will there be a 1.4 bukkit version?" three days after that version was already available) I'd say you can't be enough "in your face" with such things to really get the information across.
  12. Offline


    I must go home and upgrade :)
  13. Offline


    I upgraded without much issue. Convenient that it renamed a folder because the Jar name was different. <3
  14. Offline


    Same here, updated without issues. Only had to change BorderGuard for WorldBorder, no biggie, and we run 30+ plugins.
  15. Offline


    Great job @bukkit team.... thanks
  16. Offline


    Nice job, Hmm... plugin:name means I can make other plugins optional? kk, I will rath-*epic silence*
  17. Offline


    14MB file size, what the hell? *g* #617 was like 8 Megabyte.

    Nice Job! :)
  18. Offline

    Nathan C

    556 have this "exploit"?
  19. Offline


    Yes, afaik every older version has it.
  20. Offline


    I updated but now my server can't bind port anymore!

    I can join my server even though it can't bind port... not sure if others can join though.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 13, 2016
  21. Offline


    It doesn't work for me :( . CraftBukkit 670 with no plugins.

     10:24:51 [INFO] This server is running Craftbukkit version git-Bukkit-0.0.0-646-gb61ef8c-b670jnks (MC: 1.4)
     10:24:51 [GRAVE] java.lang.NullPointerException
     10:24:51 [GRAVE]     at<init>(Unknown Source)
     10:24:51 [GRAVE]     at org.bukkit.util.config.Configuration.load(
     10:24:51 [GRAVE]     at org.bukkit.craftbukkit.CraftServer.<init>(
     10:24:51 [GRAVE]     at net.minecraft.server.ServerConfigurationManager.<init>(
     10:24:51 [GRAVE]     at net.minecraft.server.MinecraftServer.d(
     10:24:51 [GRAVE]     at
     10:24:51 [GRAVE]     at
     10:24:51 [GRAVE] Unexpected exception
        at<init>(Unknown Source)
        at org.bukkit.util.config.Configuration.load(
        at org.bukkit.craftbukkit.CraftServer.<init>(
        at net.minecraft.server.ServerConfigurationManager.<init>(
        at net.minecraft.server.MinecraftServer.d(
  22. Offline

    Don Redhorse

    Any other big PULLs outstanding? Just finished configuring my server to finally make the passage from hmod and I know that there were some chunk / teleportation / world issues discussed which should become fixed..

    So I wonder if I wait till those bugfixes are integrated... on the other side 617 to 670 is a big jump.

    BTW: would it be possible to post again a changelog of the changes for ADMINS to see what has changed.. most of us are not really able to understand all the stuff happening in the background..

    I know that sometimes changelogs were posted, so it would just mean to make that a constant process... at least for the RB's.
  23. Offline

    There is your changelog :D
  24. Offline

    Don Redhorse

    Thanks.. but what are the changes between rb 617 and rb 670? :)

    I know a lot more than the average admin.. but if you look at how many threads we got because of the 1.4 update, this list is really not for the average admin.
  25. Offline


    What was the bug to take down the server, if it is not a secret :p :) ?
  26. Offline

    Steve Cole

    Not for everyone; it renamed the folder but the plugin just recreated a folder with the old name and wanted to use that folder. Luckily I could fix it myself and not wait for an update.
    Also had to fix a plugin that uses illegal characters in its name.
  27. Offline


    Yeah, I remember seeing that plugins namespace became more restricted, but it is for the better.

    Remember, bukkit is not a final product yet, and it's still considered "beta" I believe.. that or alpha.. I don't remember.. It's just an incomplete product, expect this. :D
  29. Offline


    I have a question:
    is 670 a stable, recommended build?

    Btw excellent work on everything, Bukkit team! :p
    600,000 thumbs up!
  30. Offline


    I have this in the server.prop:

    to allow /spawnmob and no natural spawns, but they spawn like normal
    (also ghasts in nether ... I prevented them from spawning with worldguard, but it's broken)