fourbites
84bed9e479
Class check cleanup
2026-03-20 20:53:26 +01:00
fourbites
1fd6240d09
Another class filtering fix
2026-03-20 15:41:04 +01:00
fourbites
35b8acb52a
Allow L (array) types
2026-03-20 15:18:36 +01:00
fourbites
c4ab0d13de
Harden deserialization against malicious client input
...
Add three defenses to the Streamable deserialization system to prevent
exploitation by hacked clients:
- Class whitelist: ObjectInputStream.setAllowedClassPrefixes() validates
class names before Class.forName(), blocking arbitrary class loading
from crafted wire data. Callers configure at startup; unconfigured
streams retain existing behavior for backward compatibility.
- Container size caps: BasicStreamers.validateSize() rejects arrays,
collections, and maps with negative or >65536 element counts. Prevents
OOM from a small frame declaring a massive allocation. Applied to all
12 array/collection read paths and Streamer.ArrayStreamer.
- Recursion depth limit: ObjectInputStream.readObject() tracks nesting
depth and throws at 32 levels, preventing stack overflow from
maliciously nested structures (e.g., list-of-list-of-list).
2026-03-20 14:42:10 +01:00
fourbites
2a8db32013
Use keepalive and reduce ping interval
...
Some networks will kill connections sooner than 60s, especially if they are not using keepalive. This fix should reduce the random disconnects some players experience
2026-03-16 14:16:21 +01:00
fourbites
b6a687d2fa
Fix IllegalAccessError crash
...
This was crashing when served from a webapp due to "IllegalAccessError". Lambda expressions seem to make it happy.
2026-01-03 19:45:40 +01:00
fourbites
4185d621f8
Prevent overlapping reboot warning messages
...
It's hard to say if this is the cause, but it won't hurt to clear existing intervals just in case.
2025-12-13 12:04:16 +01:00
Michael Bayne
e35740aba7
[maven-release-plugin] prepare for next development iteration
2025-11-13 16:57:17 -08:00
Michael Bayne
e78dfd88fd
[maven-release-plugin] prepare release narya-1.17.1
2025-11-13 16:57:14 -08:00
Michael Bayne
0be130a383
Handle streaming of data manually.
...
We can no longer reflect on java.awt classes and fiddle with their internals.
2025-11-13 16:53:22 -08:00
Ray J. Greenwell
685468fd70
ConnectionManager can be configured to allow larger messages.
...
Messages that are too big are dropped and the clients have no hope of
recovering. Warnings are logged but that's it. Allow bigger.
2025-10-23 11:27:17 -07:00
Michael Bayne
1361e237ef
[maven-release-plugin] prepare for next development iteration
2025-07-04 09:46:01 -07:00
Michael Bayne
6ec6af0f25
[maven-release-plugin] prepare release narya-1.17
2025-07-04 09:45:58 -07:00
Michael Bayne
91b1c66767
Update to shipped depot & ooo-util.
2025-07-04 09:26:00 -07:00
Michael Bayne
859c7d197d
Javadoc fixes.
2025-07-04 08:54:52 -07:00
Michael Bayne
61fd40f318
Streamline the source header. Update the copyright.
2025-04-03 13:21:33 -07:00
Michael Bayne
2b0ea73dd1
Merge pull request #4 from threerings/dependabot/maven/core/junit-junit-4.13.1
...
Bump junit from 4.10 to 4.13.1 in /core
2025-04-03 13:13:29 -07:00
Michael Bayne
494a8fd06e
Merge pull request #5 from threerings/dependabot/maven/core/org.apache.ant-ant-1.10.9
...
Bump ant from 1.7.1 to 1.10.9 in /core
2025-04-03 13:13:11 -07:00
Michael Bayne
77ccbb97a2
Updating depends.
2025-02-05 10:55:13 -08:00
Michael Bayne
4c98299580
Add a default implementation.
2025-02-05 10:51:56 -08:00
dependabot[bot]
ae54490ddf
Bump ant from 1.7.1 to 1.10.9 in /core
...
Bumps ant from 1.7.1 to 1.10.9.
Signed-off-by: dependabot[bot] <support@github.com >
2021-02-03 19:27:01 +00:00
dependabot[bot]
d611d1d1bf
Bump junit from 4.10 to 4.13.1 in /core
...
Bumps [junit](https://github.com/junit-team/junit4 ) from 4.10 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases )
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.10.md )
- [Commits](https://github.com/junit-team/junit4/compare/r4.10...r4.13.1 )
Signed-off-by: dependabot[bot] <support@github.com >
2020-10-13 04:35:43 +00:00
Ray J. Greenwell
5b01edc885
Return to SNAPSHOT development.
2018-09-26 16:22:59 -07:00
Ray J. Greenwell
d752f21b9a
Prepare for release of 1.16.5.
2018-09-26 16:19:31 -07:00
Michael Bayne
24b54b8dc6
Added a soak test & isolated test for just fixed bug.
2018-09-26 15:34:12 -07:00
Michael Bayne
11e815fcc3
Do not use buffer limit as indicator of frame completion.
...
If the frame happens to be exactly the same size as the buffer capacity, we
will erroneously think that the last frame was complete because the limit is
normally at the buffer capacity.
This only exploded when we had both a perfectly sized frame and failed to read
it in a single call to read, which apparently took 17 years to happen, and many
billions of frames read.
2018-09-26 15:16:39 -07:00
Ray J. Greenwell
ed7c071de1
Remove debuggery.
2018-09-26 15:12:59 -07:00
Ray J. Greenwell
2dcdcdb76a
Also print buffer capacity.
2018-09-26 11:52:20 -07:00
Ray J. Greenwell
2003ed8ae1
Added logging to debug something...
2018-09-26 11:15:20 -07:00
Ray J. Greenwell
735443f7fc
Return to SNAPSHOT development.
2018-09-24 15:30:33 -07:00
Ray J. Greenwell
feac5c2f92
Prepare for release of 1.16.4.
2018-09-24 15:20:01 -07:00
Ray J. Greenwell
9c986bc4a9
Add hook for validating an outgoing connection.
...
Sometimes a present node uses a port to connect outwards that another
node is listening on.. I considered building-in some smarts for this
into the peer stuff, but for now at least I'll keep it simpler and
more flexible.
2018-09-24 12:54:25 -07:00
Ray J. Greenwell
63ff5753f4
Revert to SNAPSHOT development.
2018-05-09 11:40:54 -07:00
Ray J. Greenwell
35ba8a859a
Prepare for release of 1.16.3.
2018-05-09 11:30:58 -07:00
Ray J. Greenwell
eaed4435b3
Downgrade unmapped connection logging to debug.
2018-05-09 10:56:05 -07:00
Ray J. Greenwell
8232345096
Return to SNAPSHOT development.
2018-04-03 17:57:50 -07:00
Ray J. Greenwell
d56f4d4654
Prepare for release 1.16.2
2018-04-03 17:54:54 -07:00
Ray J. Greenwell
bfbe439942
Configure a larger invocation listener timeout between peers.
...
10 minutes now, up from 90 seconds. Overrideable in PeerNode to set
a different value.
2018-04-03 16:19:38 -07:00
Ray J. Greenwell
7d02ed1730
Back to SNAPSHOT development.
2018-03-22 16:47:07 -07:00
Ray J. Greenwell
fe34b75190
Prepare for release 1.16.1.
2018-03-22 16:42:27 -07:00
Ray J. Greenwell
83dca54314
Spelling fix!
2018-03-22 16:31:13 -07:00
Ray J. Greenwell
eea5f4343a
Allow cross-region connections to use internal IPs.
2018-03-22 16:26:43 -07:00
Ray J. Greenwell
61bee1b160
Revert "Update javadoc with the truth about peers' internalHostName."
...
This reverts commit ec47182263 .
Ummm? I misread the code? So embarassing. For some reason I thought it
was using the public hostname for all connections. Perhaps I misread
the 'hostName' local variable in a PeerNode method for the 'hostName'
in the record.
2018-01-05 15:20:29 -08:00
Ray J. Greenwell
ec47182263
Update javadoc with the truth about peers' internalHostName.
2018-01-05 14:36:01 -08:00
Ray J. Greenwell
4456083bcc
prepare for next development iteration
2017-12-28 08:48:28 -08:00
Ray J. Greenwell
5a96d9e544
prepare release narya-1.16
2017-12-28 08:41:48 -08:00
Ray J. Greenwell
45c98d9446
Make authenticator static to work with newer guice.
2017-12-28 08:35:10 -08:00
Michael Bayne
86c5cf7c75
[maven-release-plugin] prepare for next development iteration
2015-03-12 11:46:43 -07:00
Michael Bayne
1dccfa1d58
[maven-release-plugin] prepare release narya-1.15
2015-03-12 11:46:40 -07:00
Michael Bayne
bbecc4c2fb
Objects deprecated, use MoreObjects.
2015-03-12 11:44:12 -07:00