Skip to content

List of Known Exploit Fixes

John edited this page Sep 28, 2021 · 5 revisions
  • (c2833484 and 61070d8b (later adjusted via e11d527b)) Addresses a vulnerability in a controller message from the client that allowed sending a message from the client to delete any game object without server-side validation.
  • (65977703 and 8ed0a7cb) Addresses a vulnerability in buyback container item transfers.
  • (23c8f343) Addresses a scripting issue that created a vulnerability in certain client-side admin commands.
  • (f8a5b050) Adds additional level of validation to container opening admin commands.
  • (62edbcf6) Blocks using /open on a crafting tool to get generated items prior to completing the crafting process.
  • (315e1d53 and 6aa96f00 and b3d51a77) Addresses an exploit where stackable items could be sold to a junk dealer while in the player's toolbar and then retrieved from the buyback container unintentionally by clicking the item in the toolbar allowing a loop of selling and buying back the item.
  • (e5c9ef5b (later adjusted via e5536f68) Fixes an exploit that allows a player to loop using the /examine command and speed hack accelerate their movement.
  • (fb0b6407) Fixes an exploit that allows any Jedi Profession to request a robe from a Force Shrine if they don't have one in their inventory. The common exploit tactic involved requesting a robe, selling to a junk dealer, and repeating.
  • (0b7ba4c7) Disallows auctioning an item that isn't contained by a player to fix an exploit that allowed players to sell an item to the Bazaar and a Junk Dealer in close succession.
  • (d9ff25d0) Fixes an exploit that sometimes allowed non-admin players to execute certain console admin commands.
  • (e1268bc8) Corrects a bug that could be exploited to get behind certain collidable objects.
  • (36785b34) Adjusts how isGod checks are validated for additional security around parsing admin commands.
  • (b81ee4db (later adjusted via 39d77b6f) Forcefully disconnects clients which attempt to send unauthorized controller messages to prevent unintended communication.
Clone this wiki locally