One bypass was discovered for detecting who has played on a server, where
403 is given for level 2 when the user has played and 400 when they have not.
This was fixed.
One 500 error was discovered when the network has no proxy server: /v1/network/servers
ran into a NullPointerException in a query.
Marks player EnderCrystal kills for a player and
also counts mobs killed with EnderCrystal explosions as mob kills for a player.
Affects issues:
- Close#1571
Fixed security vulnerability with cookies not being invalidated properly
Request headers were not properly set for the Request object,
leading to the Cookie header missing when logging out, which then left
the cookie in memory. A rogue actor who gained access to the cookie could then
use the cookie to access the panel.
Made cookie expiry configurable with 'Webserver.Security.Cookie_expires_after'
Due to cookie persistence there is no way to log everyone out of the panel.
This will be addressed in a future commit with the addition of a command.
Affects issues:
- Close#1740
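
The failure described in the cookie commit message above, as an added example that is not taken from the project's code: a server-side cookie store whose logout can only invalidate what it reads from the request headers. The class name, the `auth` cookie name and the two-hour expiry are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
// Hypothetical names throughout; illustrative only, not the project's implementation.
public class CookieStoreExample {
    private final Map<String, Instant> activeCookies = new ConcurrentHashMap<>();
    private final Duration expiresAfter; // stand-in for Webserver.Security.Cookie_expires_after
    CookieStoreExample(Duration expiresAfter) { this.expiresAfter = expiresAfter; }

    String login() {
        String cookie = UUID.randomUUID().toString();
        activeCookies.put(cookie, Instant.now().plus(expiresAfter));
        return cookie;
    }

    boolean isValid(String cookie) {
        Instant expiry = activeCookies.get(cookie);
        if (expiry != null && Instant.now().isBefore(expiry)) return true;
        activeCookies.remove(cookie); // unknown or expired: make sure nothing lingers
        return false;
    }

    // Returns false when no auth cookie was found, so the caller can log the anomaly
    // instead of silently treating the logout as successful.
    boolean logout(Map<String, String> requestHeaders) {
        return extractAuthCookie(requestHeaders)
                .map(cookie -> activeCookies.remove(cookie) != null)
                .orElse(false);
    }

    static Optional<String> extractAuthCookie(Map<String, String> headers) {
        String header = headers.get("Cookie"); // assumes header names are already normalised
        if (header == null) return Optional.empty();
        for (String part : header.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("auth")) return Optional.of(kv[1]);
        }
        return Optional.empty();
    }
    public static void main(String[] args) {
        CookieStoreExample store = new CookieStoreExample(Duration.ofHours(2));
        String cookie = store.login();
        store.logout(Map.of()); // bug shape: headers never copied onto the request
        System.out.println("logout without headers, still valid: " + store.isValid(cookie));
        store.logout(Map.of("Cookie", "auth=" + cookie));
        System.out.println("logout with Cookie header, still valid: " + store.isValid(cookie));
    }
}
```

A logout handler that returns false here is the signal worth alerting on, since it means a session stayed valid server-side until expiry.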
Applied some thought to how this stuff should work.
- nulls now possible in the column when value is not available
- Called "Join addresses" instead of hostnames
- Remove bogus data with a patch
- Proper hostname method for Spigot
- Removed method calls from Nukkit since there was nothing that sounded
proper
Affects:
- Close#1798 (Copied all code over)
Bugs fixed:
- LinkCommands: The return value of "orElseThrow" must be used.
- RegistrationCommands: Optional isPresent not same instance as Optional get
Smells fixed:
- Plan: "logger" is the name of a field in "JavaPlugin"
- PlayersTableJSONCreator: Reduce the total number of break and continue statements in this loop to use at most one.
- BukkitAFKListener, SpongeAFKListener, NukkitAFKListener, PlanAPI, CapabilityService: match the regular expression '^[a-z][a-zA-Z0-9]*$'
- TaskSystem: Reorder the modifiers to comply with the Java Language Specification.
- EntityNameFormatter: StringUtils.removeAll moved to RegExUtils.removeAll
- FiltersJSONResolver: fulfill compareTo contract
- ExportTask: Removed duplicate string literal
- FinishedSession.Id: Rename field "id"