This is not the re-code, I released some breaking config changes for servers that used to rely on the automatic proxy detection.
If you are not using a proxy or are using velocity with the plugin on the proxy you are unaffected but otherwise there is another way to trigger an old vulnerability.
Major thanks to @mia who first made me aware of the issue, you can find their full writeup here https://roote.rs/posts/advancedportals/
I will be archiving any versions affected by this on Bukkit shortly and removing them from Modrinth.
Head over to https://www.spigotmc.org/resources/advanced-portals.14356/ to download the latest update as its still being approved on other websites.
If anyone has been majorly abusing this I believe it would be quite clear though users may have been using it to trigger portals without being near them quietly though if they are doing this they likely would have been using other hacks as you would have to add custom code specifically targeted for this exploit.
💥 Breaking Change
- fix!: disable proxy detection to avoid vulnerabilities (see full commit for more info) #436 (@sekwah41)
- fix: stop portal packets still being forwarded to the client #436 (@sekwah41)
Authors: 1
- Sekwah (@sekwah41)
This is a legacy version uploaded for anyone using 1.8-1.12
It does not have full proxy support but does allow the bungee tag.
I will be looking to allow older versions to work once I have the recode further along which is progressing nicely.