TShock 4.3.20 for Terraria 1.3.3.3 (API v1.25)

Discussion in 'TShock Releases' started by nicatronTg, Oct 17, 2016.

  1. nicatronTg

    nicatronTg Shank
    TShock Founder TShock Admin

    Joined:
    Jul 21, 2011
    Messages:
    696
    Welcome to TShock for Terraria 4.3.20 for Terraria 1.3.3.3. This is an important security release. You should update as soon as possible. Download now, via GitHub Releases.

    Notable changes:
    • Security improvement: The auth system is now automatically disabled if a superadmin exists in the database (@Enerdy).
    • Removed the auth-verify command since auth now serves its purpose when necessary (@Enerdy).
    • Security: /" exploit can no longer break chat mute filters (@Simon311).
    • Fixed an issue where sometimes players could connect briefly during server shutdown, leading to errors (@Simon311).
    • Fixed wyverns despawning & not behaving like normal (@WhiteXZ).
    • Fixed major security issue where InvokeClientConnect could be exploited to do terrible, terrible things (@Simon311, @nicatronTg, @popstarfreas, @ProfessorXZ, @WhiteXZ).

    If you only want the security update just update the TerrariaServer executable.

    The first time use auth system has been rebuilt. /auth supersedes /auth-verify, and if a SuperAdmin exists, then the auth system will be automatically disabled.

    Technical exploit details can be found on the git commit. This can, at minimum, be used to avoid server mutes, change names, bypass grief checks based on timeouts and thresholds, and more. We extend extreme thanks to @Simon311 for testing all implications associated with this issue.
     
    #1 nicatronTg, Oct 17, 2016
    Last edited: Oct 17, 2016
  2. LoveOryks

    LoveOryks Level 4

    Joined:
    May 12, 2014
    Messages:
    85
    Noice, I'll get to it once I will have time~ ^^
     
  3. nicatronTg

    nicatronTg Shank
    TShock Founder TShock Admin

    Joined:
    Jul 21, 2011
    Messages:
    696
    Let me just reiterate how important it is that you push this update right now:
    • Players can evade mutes.
    • Players can impersonate staff.
    • Players can bruteforce your admin password.
    • Players can evade grief checks.
    • Players can do anything they want to because they can, at will, rebuild the core data structure, the TSPlayer object, that TShock uses to store player data. This means they can bypass any TShock system hardening which stores data in that data structure, which is basically everything.
     
  4. LoveOryks

    LoveOryks Level 4

    Joined:
    May 12, 2014
    Messages:
    85
    Well I do know the importance of this update, so yea, I'll get to it asap~
     
  5. XGhozt

    Plugin Developer

    Joined:
    May 12, 2012
    Messages:
    168
    Thanks everyone for working on this and keeping the community safe. :)
     
  6. tanpro260196

    tanpro260196 Level 4

    Joined:
    Oct 30, 2015
    Messages:
    55
    Every time I press enter on the console window, it says: "Invalid command entered. Type /help for a list of valid commands."
    Just press enter, no other input.
     
  7. Professor X

    Professor X Spam Cleaner 9000.5
    TShock Mod TShock Contributor

    Joined:
    Aug 18, 2014
    Messages:
    231
    This will be fixed in the next release. [Shank says no] You can use the unstable builds to fix it until then. [Shank says no]. Unstable builds are not supported or recommended though.
     
    #7 Professor X, Oct 22, 2016
    Last edited: Oct 23, 2016
  8. Sandwichapple

    Sandwichapple Level 0

    Joined:
    Apr 14, 2014
    Messages:
    3
    • User was warned for this post.
    Whenever I try to type /user add (Name) superadmin or any group, it just says invalid user syntax. Try using /user help
     
  9. Akenture

    Akenture Level 0

    Joined:
    Dec 5, 2016
    Messages:
    1
    How can I use this for 1.3.4?
     
  10. Zaicon

    Zaicon Spam Cleaner 9000
    TShock Mod Plugin Developer

    Joined:
    Feb 15, 2014
    Messages:
    691
    We are working on tShock for 1.3.4.3. Please be patient.
     