Welcome to TShock for Terraria 4.3.20 for Terraria 220.127.116.11. This is an important security release. You should update as soon as possible. Download now, via Github Releases. Notable changes: Security improvement: The auth system is now automatically disabled if a superadmin exists in the database (@Enerdy). Removed the auth-verify command since auth now serves its purpose when necessary (@Enerdy). Security: /" exploit can no longer break chat mute filters (@Simon311). Fixed an issue where sometimes players could connect briefly during server shutdown, leading to errors (@Simon311). Fixed wyverns despawning & not behaving like normal (@WhiteXZ). Fixed major security issue where InvokeClientConnect could be exploited to do terrible, terrible things (@Simon311, @nicatronTg, @popstarfreas, @ProfessorXZ, @WhiteXZ). If you only want the security update just update the TerrariaServer executable. The first time use auth system has been rebuilt. /auth supersedes /auth-verify, and if a SuperAdmin exists, then the auth system will be automatically disabled. Technical exploit details can be found on the git commit. This can, at minimum, be used to avoid server mutes, change names, bypass grief checks based on timeouts and thresholds, and more. We extend extreme thanks to @Simon311 for testing all implications associated with this issue.