Hiya. We wanted to update you on Cloudbleed. First, it appears that TShock data was not found in any of the caching systems that were getting it.
Next, we wanted to update you on the password resets. Short version: They didn't go out to every user. Your account requires manual intervention to change your password if you did not get an email. We're working to send resets to all affected users in the breach window. The breach window appears to be users who logged in between September 22nd, 2016, and February 18th, 2017.
As always, you should practice safe password security using Two-Factor Authentication (which our forums are enabled for) and a password manager, like 1Password, KeePass, DashLane, or LastPass.
Page 2 of 13
Created by nicatronTg
- Feb 13, 2017
If you've submitted a plugin recently, you've noticed an increased delay in plugin approval time. This is because the current requirements for approving plugins is decompiling each plugin update and validating that no malicious code is present in the plugin.
However, developers are extremely busy and can't always do this in a timely fashion. Should we remove plugin approvals, and let plugin developers upload plugins at will, without us checking them?
Please vote in this poll. If we have a majority of votes and at least 100 votes, we will take that action. If we don't get 100 votes, we will do nothing. Cheers!
Created by Wight
- Jan 3, 2017
It's finally here! The event you've all been waiting for!
Coming fresh to your servers in 2017, it's the inaugural release of TShock Mintaka!
Are you excited? I am.
This would not have been possible without the massively appreciated help of DeathCradle, and his OTAPI project. You're the best dude <3
- Compatibility with Terraria 220.127.116.11
- API: Version tick 2.0
- API: Reduced RAM usage by ~80MB (Large server) (@deathcradle)
- API: Added TSPlayer.KillPlayer() (@WhiteXZ)
- API: Added TSPlayer.Logout() (@ProfessorXZ)
- Fixed connections after max slot is reached (@DeathCradle)
- Fixed server crashes caused by client disconnections when attempting to read closed sockets (@Enerdy)
- Added some code to make trapdoors work better (@DogooFalchion)
- AllowCutTilesAndBreakables config option now correctly allows flowers/vines/herbs to be cut in regions without breaking walls (@WhiteXZ)
- REST: /status has been re-added. It will now always point to /v2/server/status and includes an upgrade field describing the newest status route (@WhiteXZ)
- REST: /v3/players/read now includes a muted field (@WhiteXZ)
- Fixed fishing quests not saving/loading correctly when login before join, UUID login, and SSC were enabled together (@DogooFalchion)
Any plugin compiled for an earlier version of TShock must be recompiled to reference this version.
ignoreversion will NOT work.
Because of this, any plugin listed as obsolete in the resource manager will NOT work with this version of TShock.
As always, you can download this release from our Github page.
Created by nicatronTg
- Nov 17, 2016
We've migrated away from the wiki for documentation. We're now using ReadMe.io with a generously provided open source license. The new docs can be found at tshock.readme.io and in the navigation bar at the top of the page. The old docs have been retired, and the wiki will eventually be removed.
There are some really neat benefits from using ReadMe. Right now, we have the documentation for the current version of TShock on there. However, in the top right hand corner, you'll eventually be able to change documentation versions depending on which version you're running. This means that we can update our documentation with each version, and you'll always have the historical record of what changed.
Moving to ReadMe is still a work in progress, especially when it comes to the REST documentation. We're working on that. However, we'd like to extend our thanks to everyone who helped move documentation over. In particular, @Da Bomber played a critical role in helping with the move. Without his help, we wouldn't be using ReadMe right now.
As always, we accept suggestions on any documentation pages. You can "suggest edits" on any page, and send us general feedback on here, on Slack, or on Twitter.
Created by nicatronTg
- Oct 17, 2016
Welcome to TShock for Terraria 4.3.20 for Terraria 18.104.22.168. This is an important security release. You should update as soon as possible. Download now, via Github Releases.
- Security improvement: The auth system is now automatically disabled if a superadmin exists in the database (@Enerdy).
- Removed the auth-verify command since auth now serves its purpose when necessary (@Enerdy).
- Security: /" exploit can no longer break chat mute filters (@Simon311).
- Fixed an issue where sometimes players could connect briefly during server shutdown, leading to errors (@Simon311).
- Fixed wyverns despawning & not behaving like normal (@WhiteXZ).
- Fixed major security issue where InvokeClientConnect could be exploited to do terrible, terrible things (@Simon311, @nicatronTg, @popstarfreas, @ProfessorXZ, @WhiteXZ).
If you only want the security update just update the TerrariaServer executable.
The first time use auth system has been rebuilt. /auth supersedes /auth-verify, and if a SuperAdmin exists, then the auth system will be automatically disabled.
Technical exploit details can be found on the git commit. This can, at minimum, be used to avoid server mutes, change names, bypass grief checks based on timeouts and thresholds, and more. We extend extreme thanks to @Simon311 for testing all implications associated with this issue.
Page 2 of 13