Posts by wild1145

    Hi Folks,


    I'm just looking really to see if anyone in the community is aware of any awesome tools out there that can help with managing authentication to Linux hosts. Right now I'm using FreeIPA to manage auth to a number of boxes and it works okay, but it requires a bit of work on my part now to get it in a good state, and honestly I'd probably rather start from scratch, so I'm keen to see if there's a better option or not.


    I've had a look at Teleport ( https://goteleport.com/ ) but found it woefully disappointing on their open source plan.


    Anyone know any other good tools out there?

    Given I know a lot of devs and other servers have a Redis dependency, please be aware of the following two CVEs I've been made aware of, the first not yet having been assigned a severity and the second being deemed high severity:


    Vendor -- product: redis -- redis
    Description: A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416.
    Published: 2022-10-28
    CVSS score: not yet calculated
    CVE ID: CVE-2022-3734

    Vendor -- product: redis -- redis
    Description: A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability.
    Published: 2022-10-21
    CVSS score: 7.5
    CVE ID: CVE-2022-3647

    Given I know a few people here also run NextCloud instances, I've been made aware of the following CVEs:


    Vendor -- product: nextcloud -- server
    Description: Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contain patches for this issue. No known workarounds are available.
    Published: 2022-10-27
    CVSS score: not yet calculated
    CVE ID: CVE-2022-39329

    Vendor -- product: nextcloud -- server
    Description: Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/CPU load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.
    Published: 2022-10-27
    CVSS score: not yet calculated
    CVE ID: CVE-2022-39330

    Vendor -- product: nextcloud -- server
    Description: Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`.
    Published: 2022-10-27
    CVSS score: not yet calculated
    CVE ID: CVE-2022-39364

    Given I know a few people self-host Gitlab in this community, this might be relevant:


    Vendor -- product: gitlab -- gitlab
    Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
    Published: 2022-10-28
    CVSS score: 4.3
    CVE ID: CVE-2022-2882

    Vendor -- product: gitlab -- gitlab
    Description: An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO
    Published: 2022-10-28
    CVSS score: not yet calculated
    CVE ID: CVE-2022-2826

    Just as I know a few people here use Discourse, I've been made aware of the following CVE:


    Vendor -- product: discourse -- patreon
    Description: Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the Patreon integration and log out all users with associated Patreon accounts.
    Published: 2022-10-26
    CVSS score: 9.8
    CVE ID: CVE-2022-39355

    Why is the netherite shovel here, exactly?...

    Not really sure, it's been there for a while from what I can see. Though this is also after I merged the WorldEdit and AWE Blocked blocks.


    These should stay blocked and are blocked for a reason. They're all laggy blocks if there are thousands of them in the same area. And the buttons I shouldn't even have to explain.

    Buttons didn't seem to cause lag (nor did torches) when they were used in testing, though they were in limited quantities, so it might be a scale issue.

    Just a super short update, but I'm keen to try to be transparent with you folks when we're making changes on the Freedom game mode.


    After doing some confirmation testing on our new test server earlier today, I've removed Blocks Hub from the Freedom-01 server. I don't think this should actually have an impact on anyone, but it is one less plugin running, and it's a plugin which has historically been a bit crap at best.

    I'm creating a couple of threads to start a conversation around the block list for our WorldEdit and ASyncWorldEdit. With various changes we've made to the server over the last few years, now feels as good a time as any to do a bit of a community review of what's blocked and what's not blocked, and whether we need to edit the list.


    I'd like to see a strong argument either to un-block, re-block, or keep as-is, and some strong justification if we want to make changes to the list. Likewise, if there's a suggestion to make a change, please have a healthy discussion to help thrash out whether it should be changed or not.


    The following items are currently blocked. What I'd like is for the community to have a sensible discussion on whether these items should remain blocked or whether there is now suitable justification to allow them to be used by WorldEdit / AWE.
