Commit Graph

145 Commits

Author SHA1 Message Date
Phoenix616
e99ae1eb1e
Fix spigot build profile by using same version as paper dependency 2022-10-12 16:53:00 +01:00
Max Lee
34df7e368a
Merge pull request #527 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies_maven
[SECURITY] Use HTTPS to resolve dependencies in Maven Build
2022-09-12 23:26:02 +01:00
Jonathan Leitschuh
5066a21a5f
vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291
This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8

Co-authored-by: Moderne <team@moderne.io>
2022-07-14 22:41:37 +00:00
Phoenix616
a78b925181
Update dependencies (mainly ORMLite and bStats)
Also fixed the outdated Reserve maven repository. That massively slowed down builds...
2022-06-28 16:24:17 +01:00
Phoenix616
5b712f9ed5
Back to development builds 2022-06-28 16:12:44 +01:00
Phoenix616
c54ed6b2f5
Prepare 3.12.2 release 2022-06-28 14:54:20 +01:00
Phoenix616
fd0035a99c
Build against 1.19 and replace apache-commons-lang 2022-06-13 22:52:26 +01:00
Phoenix616
4285358910
Back to snapshots for development 2022-06-04 14:51:40 +01:00
Phoenix616
dc731919e3
Prepare 3.12.1 release 2022-06-04 14:51:18 +01:00
Phoenix616
d1bbcfce47
Sync log4j version with updated server version
The log4j bugs weren't an issue as log4j wasn't included in the plugin directly
 but simply depended on the version the server provided. This just syncs it with
 the commonly used server version again. (And shuts up dependabot)
2022-01-10 17:07:59 +01:00
Phoenix616
fa924f0212
Full message support on 1.18 2021-12-03 19:12:18 +01:00
Phoenix616
4f8e7938e2
Update Adventure (Fixes #474) 2021-09-10 22:22:16 +01:00
Phoenix616
129663650f
Build and test against 1.17
Also update maven-compiler-plugin
2021-07-04 14:20:43 +01:00
Phoenix616
988420992c
Sync version of adventure gson serializer dependency with api 2021-06-18 22:52:05 +01:00
Phoenix616
63f68d5444
Fix test profiles activation 2021-06-13 15:47:41 +01:00
Phoenix616
6f4be10065
Prepare next version and update Minedown 2021-06-09 00:47:42 +01:00
Phoenix616
8cb78165a3
3.12 release 2021-06-06 22:02:53 +01:00
Rutger Kok
e6b05ff982 Add support for BlockLocker
It's no longer possible to open shops on chests that were protected by someone else.
2021-03-17 22:11:54 +01:00
Phoenix616
aadfaff397
Update MineDown to 1.7.0 and adventure to 4.7.0 2021-03-17 22:09:13 +01:00
Phoenix616
65df4c40c6
Improve performance by using Paper's non-snapshot states if available 2021-01-28 17:18:42 +01:00
Phoenix616
22d3f262f5
Improve NameManager OfflinePlayer and UUID version handling (#383)
This also removes the deprecated methods which might interact with the
 changed methods in unintended ways from the NameManager and the
 PreTransactionEvent.
2021-01-28 15:26:23 +01:00
Phoenix616
b774258051
Remove OddItem support and implement own alias system (Resolves #360)
Reasoning why this is part of the core and not a separate addon:
The impact of this function is extremely lightweight when (almost) no
 aliases are defined so someone who isn't using this should not have a
 worse experience.
Additionally including it in the core (similarly to the discounts,
 taxes and restrictions) promotes it's availability while not massively
 increasing the maintainability.

As for the OddItem removal:
That plugin hasn't been developed for over 7 years and such unique
 plugin support should really be added via separate addon using the
 events system which, with the new ItemStringQueryEvent, now actually
 supports doing that from an external plugin.
If someone really managed to run their own private fork of OddItem for
 all those years then they should be able to also provide such a simple
 addon.
2021-01-03 01:55:01 +01:00
Phoenix616
4e40823d23
Fix ShowItem incompatibility as well as update adventure 2020-12-04 14:53:27 +01:00
Phoenix616
51e9d5f267
Use adventure text api in order to fix hover issues
This also has the side-effect of restoring CraftBukkit compatibility

Also move all libraries into a dedicated Libs package
2020-12-01 19:48:26 +01:00
dependabot[bot]
15b9382b09
Bump junit from 4.12 to 4.13.1 (#367)
Bumps [junit](https://github.com/junit-team/junit4) from 4.12 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](https://github.com/junit-team/junit4/compare/r4.12...r4.13.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-14 18:15:32 +01:00
Phoenix616
9dd56385eb
Update lang to 1.3. Fixes legacy local.yml loading issue. 2020-09-24 15:27:39 +01:00
Corey Shupe
282c39c975
Implement LockettePro support and improve soft dependency handling (#354) 2020-09-10 14:32:34 +01:00
Phoenix616
89ba3d0559
Fix default profile activation 2020-07-08 21:43:34 +01:00
Phoenix616
6a34054bc7
Add latest test profile 2020-07-08 21:38:54 +01:00
Phoenix616
18c3f8f5ef
Prepare next version 2020-07-03 17:15:08 +01:00
Phoenix616
908c128a10
3.11 release 2020-06-29 15:51:06 +01:00
Phoenix616
6ee7c4759a
Add multi-language and component message support (Requires Spigot)
Message configs are now selected based on the client's language (can be
 toggled in the config) and will use MineDown formatting to allow
 display of component messages as well as usage of RGB colors in 1.16.
If found the legacy local.yml will be used instead of the per-language
 files. Move your local.yml to the correct lang config to if you want to
 use the per-client language option.
Version was also changed to 3.11 due to the many internal changes that
 have accumulated over time
2020-06-28 18:00:09 +01:00
Phoenix616
4885092435 Include license and readme in jar file 2020-06-19 21:47:50 +01:00
Phoenix616
183c724583 Improve Metrics and add /csmetrics command
This adds some more logging to the metrics for some interesting plugin
 settings as well as player account and transaction counts. This data
 about account count and average transaction and item counts is also
 exposed ingame via the /csmetrics command.

This also removes the outdated mcstats metrics as that site is long dead
 now, the last data is from two years ago...
2020-06-19 21:47:28 +01:00
Phoenix616
3bf54529db Add support for LWC LimitsV2 module (#293)
This adds a new OTHER_BREAK PreShopCreationEvent outcome to indicate
that the sign should get broken. To keep it backwards compatible with
other plugins setCancelled still sets OTHER and will not lead to a sign
break. The breaking logic is also moved out of the ErrorMessageSender
as it didn't make sense to have there. (It also wasted a tiny bit of CPU
by getting the block of the state again)

Do do this it now fully depend on LWCX, it's the only active version anways.

Also fixed a possible out of index error with the sign lines.
2020-05-04 22:33:46 +01:00
Phoenix616
059abc569c 3.10.2 snapshot development 2020-03-24 00:30:46 +01:00
Josh Roy
809546ecab
Update bStats to 1.7 (#295)
Also updates bStats maven repo to new one
2020-03-08 18:26:52 +01:00
Phoenix616
86ea093994 3.10.1 release 2020-02-22 17:43:47 +01:00
Phoenix616
bd8f2dfc19 Add RedProtect support 2020-01-15 23:44:34 +01:00
Phoenix616
3d83bfdddd Add GriefPrevention support (Resolves #227)
Also slightly cleanup dependency logic loading to not have per-plugin
code in Dependencies class
2020-01-15 23:40:42 +01:00
Phoenix616
d5198bd155 [CI-SKIP] Prepare next version 2019-12-09 22:59:41 +01:00
Phoenix616
e15633a4a8 3.10 release 2019-12-09 22:54:29 +01:00
Phoenix616
38f93c1d1d Fix default maven profile activation 2019-11-04 17:42:33 +01:00
Phoenix616
40467e3522 Add support for Paper's BlockDestroyEvent for sign breaks (Fixes #214)
Instead of using different modules we use a bukkit profile to test backwards compatibility with pure-Bukkit servers and use the paper-api in the default profile. This should really be done with modules in the future. The actual selection which listener to use is handled by checking if the event class exists on event registration.
2019-11-04 17:26:43 +01:00
Phoenix616
f90d23cfc3 Update LWC protection and support more LWC forks (LWCX and Modern-LWC) 2019-08-22 13:09:54 +01:00
Phoenix616
c1509dc03a Let's not kid ourselves, this update is too big to be a patch version
This also uses the Bukkit API again instead of spigot (it doesn't use anything from spigot) and also makes sure to exclude any other Bukkit version from the dependency tree
2019-04-02 19:23:52 +01:00
Phoenix616
2243c2fbc6 Update to new AuthMeReloaded API (Fixes #174) 2018-10-15 20:27:38 +01:00
Phoenix616
4ef24c3828 Update to official WG/WE repository 2018-10-15 20:22:42 +01:00
Brokkonaut
b972e79132 Update to WorldGuard 7.0.0 (for 1.13) 2018-08-29 20:32:27 +01:00
Phoenix616
d4e39a3751 Make it compile with 1.13. No guarantees that it works without issues! 2018-07-26 00:13:06 +01:00