1. Wight
    Created by Wight
    Oct 26, 2015
    Welcome to TShock v4.3.11 for Terraria v1.3.08. Download now.

    This version features a drop-in tile replacement system by @Wolfje that reduces RAM requirements by up to 70% on all worlds and CPU requirements up to 10% in the running process.
    • Large worlds: from 700MB-1GB -> ~325MB
    • Medium worlds: from 500MB -> ~200MB
    • Small worlds: from 400MB -> ~125MB
    Plugin developers: any current plugin that makes use of Main.tile must be recompiled with a reference to the new terrariaserver.exe.

    Other notable changes include:
    • API: Fixed some possible packet leaks in sendq (@Wolfje)
    • API: API Version 1.22 - please update your plugins accordingly
    • API: Added crash protection around malicious and/or invalid packets (@Wolfje)
    • API: Fixed worlds not loading sometimes (@tysonstrange)
    • API: Fixed living leaf walls not working as housing (@hastinbe)
    • Fixed an issue preventing some players from joining when the world is saving (@Wolfje)
    • Fixed an issue adding a ban on a player who has previously been banned (@Wolfje)
    • Fixed /invade martian (@Wolfje)
    • Fixed target dummies not working properly (@Wight)
    • Added a config option (DisableSecondUpdateLogs) to prevent log spam from OnSecondUpdate() (@Wight)
    • Added RESTful API login rate limiting (@George)
    • Added config options (MaximumRequestsPerInterval, RequestBucketDecreaseIntervalMinutes, LimitOnlyFailedLoginRequests) for rate limiting (@George)
    • DEPRECATION: Deprecated Disable(string, bool) and added Disable(string, DisableFlags). Please update your plugins accordingly (@Wight)
    • Fixed Halloween and Christmas events not working properly...
  2. nicatronTg
    Created by nicatronTg
    Sep 21, 2015
    We recently became aware of an ongoing attack targeting TShock for Terraria servers. No exploit exists, and no passwords can be immediately determined, however, bruteforce attempts are possible over REST.

    If you need help, please join Slack immediately and discuss your situation with us. Please error on the side of caution and take mitigation steps as soon as possible to avoid account compromises.

    • Attackers can bruteforce passwords from open REST ports.
    • Attackers can cause latency (lag) by bruteforcing passwords with high BCrypt work factors.
    • Servers which rely on REST should protect their REST endpoint. If the REST service is being used only on the same server or on a private network, firewall the REST port off (7878) from outside traffic. If the service must be accessed from the internet, move the RestApiPort (set in the config file) to a higher value, to avoid attacks that only target the default port, 7878.
    • If the rest port is not being used for anything, disable the REST service entirely (set the RestApiEnabled setting in the config file to "false").
    • Follow best practices when setting passwords. Ensure that administrators do not use passwords that are easily found in dictionaries or otherwise easy to crack. Encourage users to set safe, secure passwords for their TShock accounts.
    Long Term Solution:
    • IP based throttling of REST endpoint login attempts will be implemented in the next version of TShock, within 48 hours of this notice.
    Repeat: TShock is secure. REST can be attacked to slowly try passwords.
  3. nicatronTg
    Created by nicatronTg
    Aug 16, 2015
    Welcome to TShock for Terraria 4.3.9 for Terraria This release includes protocol compatibility with Terraria (Protocol 156). In addition, it includes a new crash reporting mechanism that can be used to help further diagnose problems on Windows. On Mono, it simply creates a more detailed crash report that we can then use. Download now, via Github.

    Notable changes include:
    • API: Update to Terraria (@Patrikkk)
    • API: Added a crash reporter which collects memory dumps on Windows (@Wolfje)
    • API: New commandline param: -crashdir - Writes crash reports to the specified directory (@Wolfje)
    • API: Sendq now doesn't disconnect people when it cant send a packet (@Wolfje)
    • API: Fixed more crashes on disconnect in sendq (@Wolfje)
    • API: Now ignores unknown server packets (@Wolfje)
    • API: Potentially removed arithmetic overflows in server (@Wolfje)
    Using the Crash Reporter
    TShock now has a crash reporter built in which writes crash logs to the crashes directory in the event of a catastrophic failure. To change where TShock writes its crash logs, specify the -crashdir parameter on the command line.

    1. In the event of a crash, look for a file called crash_xxxx.zip in the crashes directory
    2. Upload the file somewhere, beware the crash file may be quite large (>100MB), anywhere like google drive, dropbox or mega will be fine
    3. Post a link to the crash with reproduction steps in the TShock support forum
    Alternatively, if you do not want to report the crash, just delete the file.
  4. nicatronTg
    Created by nicatronTg
    Aug 7, 2015
    Welcome to TShock 4.3.8 for Terraria for API 1.21. This release includes many stability improvements and additional hooks. Download now.

    Notable changes include:
    • Auth system kicks players if system is disabled. (@nicatronTg)
    • Fixed /login permitting multiple logins without a logout in between. (@nicatronTg)
    • Allow[Hallow/Corruption/Crimson]Creep in config now work. (@Wight)
    • API: Treasure bags are now named properly. (@Wight)
    • API: Clients no longer close on disconnect. (@Wolfje)
    • API: Add server broadcast hook. (@Wight)
    • API: Fixed pressure plate hook triggering multiple times. (@Patrikk)
    • API: Fixed issues with SendQ writes failing. (@Wolfje)
    • API: Version tick to 1.21
  5. nicatronTg
    Created by nicatronTg
    Jul 24, 2015
    Welcome to TShock 4.3.7 PreRelease for Terraria This release adds support for Terraria Download now.

    There are a couple issues we have yet to investigate fully:
    • Visual tile artifacts.
    • Out of memory errors.
    If you experience visual artifacts, please report the following additional information in your report:
    1. The number of players on the server.
    2. The world size.
    3. An in depth report if possible, of how to re-create the problem on a stock map.
    4. Whether or not the problem occurs with only specific tilesets or all tilesets.
    If you experience out of memory errors, please provide a memory dump of the server during this state, zip it, and upload it so that we can inspect it. Please provide the same information as above, and, rather than posting the link publically, private message me your process dump files.