fourbites
84bed9e479
Class check cleanup
2026-03-20 20:53:26 +01:00
fourbites
1fd6240d09
Another class filtering fix
2026-03-20 15:41:04 +01:00
fourbites
35b8acb52a
Allow L (array) types
2026-03-20 15:18:36 +01:00
fourbites
c4ab0d13de
Harden deserialization against malicious client input
...
Add three defenses to the Streamable deserialization system to prevent
exploitation by hacked clients:
- Class whitelist: ObjectInputStream.setAllowedClassPrefixes() validates
class names before Class.forName(), blocking arbitrary class loading
from crafted wire data. Callers configure at startup; unconfigured
streams retain existing behavior for backward compatibility.
- Container size caps: BasicStreamers.validateSize() rejects arrays,
collections, and maps with negative or >65536 element counts. Prevents
OOM from a small frame declaring a massive allocation. Applied to all
12 array/collection read paths and Streamer.ArrayStreamer.
- Recursion depth limit: ObjectInputStream.readObject() tracks nesting
depth and throws at 32 levels, preventing stack overflow from
maliciously nested structures (e.g., list-of-list-of-list).
2026-03-20 14:42:10 +01:00
fourbites
2a8db32013
Use keepalive and reduce ping interval
...
Some networks will kill connections sooner than 60s, especially if they are not using keepalive. This fix should reduce the random disconnects some players experience
2026-03-16 14:16:21 +01:00
fourbites
b6a687d2fa
Fix IllegalAccessError crash
...
This was crashing when served from a webapp due to "IllegalAccessError". Lambda expressions seem to make it happy.
2026-01-03 19:45:40 +01:00
fourbites
4185d621f8
Prevent overlapping reboot warning messages
...
It's hard to say if this is the cause, but it won't hurt to clear existing intervals just in case.
2025-12-13 12:04:16 +01:00
Michael Bayne
e35740aba7
[maven-release-plugin] prepare for next development iteration
2025-11-13 16:57:17 -08:00
Michael Bayne
e78dfd88fd
[maven-release-plugin] prepare release narya-1.17.1
2025-11-13 16:57:14 -08:00
Michael Bayne
0be130a383
Handle streaming of data manually.
...
We can no longer reflect on java.awt classes and fiddle with their internals.
2025-11-13 16:53:22 -08:00
Ray J. Greenwell
685468fd70
ConnectionManager can be configured to allow larger messages.
...
Messages that are too big are dropped and the clients have no hope of
recovering. Warnings are logged but that's it. Allow bigger.
2025-10-23 11:27:17 -07:00
Ray J. Greenwell
c8996bedf0
Support alternate indent widths for code generation.
2025-09-09 16:05:34 -07:00
Michael Bayne
1361e237ef
[maven-release-plugin] prepare for next development iteration
2025-07-04 09:46:01 -07:00
Michael Bayne
6ec6af0f25
[maven-release-plugin] prepare release narya-1.17
2025-07-04 09:45:58 -07:00
Michael Bayne
91f9d7bd39
Move central publishing plugin to <plugins>.
...
Apparently this new one doesn't want to be in <pluginManagement>?
2025-07-04 09:42:23 -07:00
Michael Bayne
530c0cb05d
http to https.
2025-07-04 09:33:33 -07:00
Michael Bayne
5a1784eaaf
Update to gpg plugin 1.5.
2025-07-04 09:31:43 -07:00
Michael Bayne
91b1c66767
Update to shipped depot & ooo-util.
2025-07-04 09:26:00 -07:00
Michael Bayne
5090cc943e
Convert to new Sonatype publishing bits.
2025-07-04 08:58:05 -07:00
Michael Bayne
859c7d197d
Javadoc fixes.
2025-07-04 08:54:52 -07:00
Michael Bayne
61fd40f318
Streamline the source header. Update the copyright.
2025-04-03 13:21:33 -07:00
Michael Bayne
1d7365ca32
Merge pull request #3 from threerings/dependabot/maven/tools/junit-junit-4.13.1
...
Bump junit from 4.10 to 4.13.1 in /tools
2025-04-03 13:13:46 -07:00
Michael Bayne
2b0ea73dd1
Merge pull request #4 from threerings/dependabot/maven/core/junit-junit-4.13.1
...
Bump junit from 4.10 to 4.13.1 in /core
2025-04-03 13:13:29 -07:00
Michael Bayne
494a8fd06e
Merge pull request #5 from threerings/dependabot/maven/core/org.apache.ant-ant-1.10.9
...
Bump ant from 1.7.1 to 1.10.9 in /core
2025-04-03 13:13:11 -07:00
Michael Bayne
15ce3f38ea
Merge pull request #6 from threerings/dependabot/maven/tools/org.apache.ant-ant-1.10.9
...
Bump ant from 1.7.1 to 1.10.9 in /tools
2025-04-03 13:13:00 -07:00
Michael Bayne
cb3c971312
Ignore Maven target directories.
2025-02-05 11:23:35 -08:00
Michael Bayne
77ccbb97a2
Updating depends.
2025-02-05 10:55:13 -08:00
Michael Bayne
cb065fcbd2
Target Java 10.
2025-02-05 10:54:59 -08:00
Michael Bayne
4c98299580
Add a default implementation.
2025-02-05 10:51:56 -08:00
dependabot[bot]
3003f15e76
Bump ant from 1.7.1 to 1.10.9 in /tools
...
Bumps ant from 1.7.1 to 1.10.9.
Signed-off-by: dependabot[bot] <support@github.com >
2021-02-03 19:27:16 +00:00
dependabot[bot]
ae54490ddf
Bump ant from 1.7.1 to 1.10.9 in /core
...
Bumps ant from 1.7.1 to 1.10.9.
Signed-off-by: dependabot[bot] <support@github.com >
2021-02-03 19:27:01 +00:00
dependabot[bot]
d611d1d1bf
Bump junit from 4.10 to 4.13.1 in /core
...
Bumps [junit](https://github.com/junit-team/junit4 ) from 4.10 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.10.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.10...r4.13.1 )
Signed-off-by: dependabot[bot] <support@github.com >
2020-10-13 04:35:43 +00:00
dependabot[bot]
af07592b21
Bump junit from 4.10 to 4.13.1 in /tools
...
Bumps [junit](https://github.com/junit-team/junit4 ) from 4.10 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.10.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.10...r4.13.1 )
Signed-off-by: dependabot[bot] <support@github.com >
2020-10-13 04:35:18 +00:00
Ray J. Greenwell
5b01edc885
Return to SNAPSHOT development.
2018-09-26 16:22:59 -07:00
Ray J. Greenwell
d752f21b9a
Prepare for release of 1.16.5.
2018-09-26 16:19:31 -07:00
Michael Bayne
74a75b78a4
These shared configs should be in <pluginManagement>.
2018-09-26 15:34:38 -07:00
Michael Bayne
24b54b8dc6
Added a soak test & isolated test for just fixed bug.
2018-09-26 15:34:12 -07:00
Michael Bayne
11e815fcc3
Do not use buffer limit as indicator of frame completion.
...
If the frame happens to be exactly the same size as the buffer capacity, we
will erroneously think that the last frame was complete because the limit is
normally at the buffer capacity.
This only exploded when we had both a perfectly sized frame and failed to read
it in a single call to read, which apparently took 17 years to happen, and many
billions of frames read.
2018-09-26 15:16:39 -07:00
Ray J. Greenwell
ed7c071de1
Remove debuggery.
2018-09-26 15:12:59 -07:00
Ray J. Greenwell
2dcdcdb76a
Also print buffer capacity.
2018-09-26 11:52:20 -07:00
Ray J. Greenwell
2003ed8ae1
Added logging to debug something...
2018-09-26 11:15:20 -07:00
Ray J. Greenwell
735443f7fc
Return to SNAPSHOT development.
2018-09-24 15:30:33 -07:00
Ray J. Greenwell
feac5c2f92
Prepare for release of 1.16.4.
2018-09-24 15:20:01 -07:00
Ray J. Greenwell
9c986bc4a9
Add hook for validating an outgoing connection.
...
Sometimes a present node uses a port to connect outwards that another
node is listening on.. I considered building-in some smarts for this
into the peer stuff, but for now at least I'll keep it simpler and
more flexible.
2018-09-24 12:54:25 -07:00
Ray J. Greenwell
63ff5753f4
Revert to SNAPSHOT development.
2018-05-09 11:40:54 -07:00
Ray J. Greenwell
35ba8a859a
Prepare for release of 1.16.3.
2018-05-09 11:30:58 -07:00
Ray J. Greenwell
eaed4435b3
Downgrade unmapped connection logging to debug.
2018-05-09 10:56:05 -07:00
Ray J. Greenwell
8232345096
Return to SNAPSHOT development.
2018-04-03 17:57:50 -07:00
Ray J. Greenwell
d56f4d4654
Prepare for release 1.16.2
2018-04-03 17:54:54 -07:00
Ray J. Greenwell
bfbe439942
Configure a larger invocation listener timeout between peers.
...
10 minutes now, up from 90 seconds. Overrideable in PeerNode to set
a different value.
2018-04-03 16:19:38 -07:00