TotalFreedomMod/SECURITY.md

# Security Policy
## Supported Versions
We currently support the code running on the "main" and "development" branches of this repository, in addition to the formal releases. Note that anything not yet released should be treated as in-development.
In terms of plugin releases, our support matrix is as follows:
### Actively Supported
These versions are currently actively supported by our team, and you should expect security patches where appropriate for these versions.
| Version | Supported | Support End: |
| ------------------- | ------------------ | ------------------------------ |
| 2021.05 | :white_check_mark: | No Earlier than August 2021 |
### Legacy Supported
These versions are no longer under active development; however, we will look to release critical security patches where appropriate.
| Version | Supported | Support End: |
| ------------------- | ------------------ | ------------ |
| 2021.04 | :white_check_mark: | July 2021 |
### No Longer Supported
These versions are no longer supported at all. It is strongly advised to update if you are running any of these versions.
| Version | Supported | Support Ended: |
| ------------------- | ------------------ | ------------------- |
| 2021.02 | :x: | 6 June 2021 |
| 2020.11 | :x: | 3 May 2021 |
| 6.0.x (Pre-Release) | :x: | December 2020 |
| < 2020.11 | :x: | December 2020 |
| < 5.x | :x: | December 2020 |
## Reporting a Vulnerability
If the report has minor security implications (i.e. we've added a super admin to a senior admin's permission), please raise a post on [our forums](https://forum.totalfreedom.me/) in the first instance. If you do not have a forum account and do not wish to sign up, please e-mail us using the e-mail address in the next sentence.
For security vulnerabilities that are more severe and that may pose a more significant threat to the servers running this plugin, please e-mail os-security-reports [ AT ] atlas-media.co.uk. You can expect an automated response immediately to acknowledge receipt of your e-mail, and one of our team will aim to respond within 72 hours and will work with you on the best way to address your concerns.