Commit Graph

90 Commits

Author SHA1 Message Date
ece466de42 Patches nocom exploits 2023-07-04 00:24:07 -06:00
671bf4bd18 Backport blockentitytagquery crash fix to 1.17.1 (#111)
* Backport blockentitytagquery crash fix to 1.17.1

* Test
2023-06-30 12:43:00 -05:00
f33f6d2de8 Fix javadoc link 2023-06-11 02:08:13 -05:00
7b8d2ee804 Add Metrics and improve README 2023-06-08 20:48:03 -05:00
b72d5ec8fc Limit beacon effectRange (#96) 2023-06-07 15:11:09 -05:00
2073436f76 Implement command block events (1.17.1) (#89)
* Implement command block events

* Add missing getHandlerList() method
2023-06-04 16:58:17 -05:00
43213a0e43 Add depth limit to SNBT (#88) 2023-06-02 16:33:01 -06:00
1b4d65a1e6 Add depth limit to Component deserializer (#85) 2023-05-31 21:03:10 -06:00
020afc9e99 Fix component extra empty array exploit (#83) 2023-05-29 17:32:04 -06:00
92a9dd9634 Backport patches from 1.19.4 (#80) 2023-04-28 20:53:31 -06:00
f21a7fb408 Untitled patch (#70) 2022-11-28 19:20:57 -07:00
ae3dc6aa18 Prevent velocity freeze (#67) 2022-11-27 21:48:38 -06:00
8f07c9e142 Adds configuration option to disable game master blocks, fixes config issues 2022-10-02 19:47:55 -06:00
1cd49aebf7 Serious bugfix
Server patch \#34 introduced a server-crashing bug where you could crash a Scissors 1.17.1 server simply by
going near the world border.This commit removes that original patch and re-implements part of what the
patch set out to do separately so that the painting crash exploit doesn't work, but the server won't crash
when you try to go near the world border.
2022-08-19 01:02:42 -06:00
3a4b3ffd34 Refuse to convert legacy messages over 1k characters (#62) 2022-08-17 21:45:44 -05:00
c48a56ac01 Fix out of bound chunks crashing server (#54) 2022-08-12 08:34:28 -05:00
fb17ef58f1 Fix crash on /timings paste (#55) (#56) 2022-07-27 21:25:58 -05:00
aba21aaf49 Fix ClickEvents on Signs bypassing permissions (#49) 2022-07-13 14:41:31 -05:00
dcf6dab4ee Fix container click patch (#45) 2022-07-12 11:18:30 -05:00
cb464a0b3a Removes patch that broke container clicking 2022-07-11 15:31:22 -06:00
71804a2e65 Validate block entity tag query positions (#42) 2022-07-11 15:15:03 -05:00
611e77e503 Add scissors config, command & disable command books (1.17.1) (#39)
* Add Scissors configuration file & command

* Disable running commands in books by default
2022-07-10 10:46:47 -05:00
3b8ad1a45d Improve invalid container event patch (#36) 2022-07-10 01:07:55 -05:00
c2b2427622 Patch 'sploits (1.17.1) (#33)
* Prevent invalid container events

* Do not attempt to cast items to recipes
2022-07-09 21:21:35 -05:00
a877b648d5 Fixes attributes being wrongfully removed due to a previous patch 2022-07-08 15:39:05 -06:00
c4afa459b5 Add spectator teleport event (#26) 2022-07-05 08:31:51 -06:00
2907ef1436 Add MasterBlockFireEvent 2022-07-04 22:26:04 +01:00
7885894176 Update CI link 2022-06-23 00:16:11 -05:00
106edf19b7 Prevent crash paintings and similar entity OOB exploits 2022-05-17 07:01:13 +01:00
236e8a95a3 Don't log invalid teams to console 2022-05-17 06:00:19 +01:00
9e244f52c9 Optimize getTagSize method in NbtUtility (#15)
The getAsString method which was used before uses StringTagVisitor,
which takes way too long.
2022-05-02 17:39:35 -06:00
61fd911106 Account for large items inside containers & add more methods to NbtUtility (#14) 2022-05-01 02:37:23 -06:00
6f32742d79 Fix a few of my patches being formatted incorrectly & fix the Minecart/Boat lag/crash exploit (#13)
* Fix a few of my patches being formatted incorrectly

* Limit amount of vehicle collision checks to 3 and discard vehicles if they collide with more than 15 other entities
2022-04-28 01:55:02 -06:00
dc1a5399f7 Futureproof the auto updater 2022-04-22 03:26:08 -05:00
39916e2102 Fix negative death times 2022-04-19 11:56:30 +01:00
c2618f2522 Reset large tags (#11) 2022-04-18 17:20:08 -06:00
d120903a36 Get branch for version checking automatically 2022-04-18 17:23:52 -05:00
5be5c364cd Update Paper 2022-04-14 20:07:20 -05:00
42ce42b668 Fixes creative-killing potion effects and certain potion effect overflows 2022-04-11 13:38:34 -06:00
a9cc494a94 Backport patch 888 from the regular Paper 2022-04-10 15:58:40 -06:00
d4a73a9b3f Limit ListTags to 1024 elements (#9)
* Limit ListTags to 1024 elements

* a
2022-04-09 18:06:20 -06:00
ecfd11a180 Don't query NBT from players in the nbt text component 2022-04-09 13:02:56 -06:00
646f5e6002 Prevent non-living entities from being spawned by spawners (#7) 2022-04-04 02:39:28 -06:00
6760ad5417 Properly renames patch #19 to stop it from renaming itself 2022-04-04 02:13:12 -06:00
6950f39d8c Prevent attributes with invalid namespaces from being applied to CraftMetaItems 2022-03-30 18:24:02 -06:00
8fdf4dce39 Validate String UUIDs during the CompoundTag -> GameProfile conversion process 2022-03-30 02:04:27 -06:00
4cecc52099 Reject oversized components from updating + removes unnecessary imports from dev-imports.txt 2022-03-28 17:13:43 -06:00
50e5b29c3d Merge pull request #6 from AtlasMediaGroup/FS-176
block excessive nbt that kicks players
2022-03-28 17:30:11 -04:00
31aad362c1 prepare for pr + fix typo 2022-03-28 17:24:47 -04:00
77cc5f291f Better handling of invalid JSON components
This commit has some behavioral changes!

An issue regarding the treatment of invalid JSON components was raised this morning. This commit changes the behavior for many things using the component system to instead replace the invalid JSON with text saying "** Invalid JSON Component **". Some things will not do this (e.g. the conversion process).

Here's a list of things that are affected by this change:
- Hover event components (specifically, the show_entity action)
- NBT components
- Entity names
- Beacons
- Enchantment tables
- Scoreboard save data loading
2022-03-28 15:17:49 -06:00