Two attack possibilities have been discovered that let anyone shut down or freeze a game server with a modified client. Aditionally, remote administrators can freeze a game server with commands that produce too much output. Versions 0.2.8.X are affected by all three; version 0.2.8.2.1, fixing them all, is available in the file release section.
Other versions are vulnerable to the server shutdown exploit, too; there, a crash can be caused. Patches for 0.2.7.X, 0.2.6.X and 0.3.0 are available in the patches section. Let us know which versions are in active use in binary form, we'll consider full releases for those who can't use a source patch.
Sorry for the inconvenience, we hope the next news will be happier.
Log in to post a comment.