From fccf878b81d82a11c7cb9d7364009e0bca39ecf5 Mon Sep 17 00:00:00 2001
From: JaTiTV <75247188+JaTiTV@users.noreply.github.com>
Date: Mon, 31 Mar 2025 07:19:25 +0200
Subject: [PATCH] Critical vulnerability has been closed - exploit has been fixed This version fixes an extremely critical bug! Please update to Bungee/Waterfall! This update fixes a security vulnerability that allowed the Voxel Hack Client to execute any command on the proxy if the T2CodeLib was installed on it (https://github.com/Renovsk/VoxelClient-SRC/blob/main/me/nullnet/voxelclient/exploits/T2CExploit.java). This has been fixed. This has been fixed and all games that try to use this exploit are now displayed in the console. Translated with www.DeepL.com/Translator (free version)
---
 pom.xml | 2 +-
 .../t2codelib/BUNGEE/system/pluginMessaging/T2CplmsgBcmd.java | 3 ++-
 .../pluginMessaging/autoResponse/T2CapiAutoResponse.java | 3 ++-
 .../system/pluginMessaging/opSecurity/T2CapiOpSecurity.java | 4 +++-
 4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index 3974b85..a6350b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@ net.t2code T2CodeLib
- 17.0_beta-1
+ 17.0
diff --git a/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/T2CplmsgBcmd.java b/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/T2CplmsgBcmd.java
index bae5db0..eb98492 100644
--- a/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/T2CplmsgBcmd.java
+++ b/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/T2CplmsgBcmd.java
@@ -6,6 +6,7 @@ import net.md_5.bungee.api.connection.Server;
 import net.md_5.bungee.api.event.PluginMessageEvent;
 import net.md_5.bungee.api.plugin.Listener;
 import net.md_5.bungee.event.EventHandler;
+import net.t2code.t2codelib.BUNGEE.api.messages.T2CBsend;
 import net.t2code.t2codelib.Util;
 import org.junit.Ignore;
@@ -19,7 +20,7 @@ public class T2CplmsgBcmd implements Listener {
 if (event.getTag().equalsIgnoreCase("t2c:bcmd")) {
 if (!(event.getSender() instanceof Server)) {
- ProxyServer.getInstance().getConsole().sendMessage("§c[Security] Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
+ T2CBsend.console(Util.getPrefix() +" [Exploit-protection] Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
 return;
 }
diff --git a/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/autoResponse/T2CapiAutoResponse.java b/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/autoResponse/T2CapiAutoResponse.java
index 1cba19d..b1636de 100644
--- a/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/autoResponse/T2CapiAutoResponse.java
+++ b/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/autoResponse/T2CapiAutoResponse.java
@@ -7,6 +7,7 @@ import net.md_5.bungee.api.event.PluginMessageEvent;
 import net.md_5.bungee.api.plugin.Listener;
 import net.md_5.bungee.event.EventHandler;
 import net.t2code.t2codelib.BUNGEE.api.messages.T2CBsend;
+import net.t2code.t2codelib.Util;
 import java.io.ByteArrayInputStream;
 import java.io.DataInputStream;
@@ -19,7 +20,7 @@ public class T2CapiAutoResponse implements Listener {
 if (event.getTag().equalsIgnoreCase("t2c:aresp")) {
 if (!(event.getSender() instanceof Server)) {
- ProxyServer.getInstance().getConsole().sendMessage("§c[Security] Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
+ T2CBsend.console(Util.getPrefix() +" [Exploit-protection] Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
 return;
 }
diff --git a/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/opSecurity/T2CapiOpSecurity.java b/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/opSecurity/T2CapiOpSecurity.java
index ac58a26..5ea67be 100644
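Review bot: In the `t2c:bcmd` guard of T2CplmsgBcmd, the rejected branch logs and returns without calling `event.setCancelled(true)`, so as far as this hunk shows the proxy still passes the player's message through to the backend server once the listener returns. Cancel before returning, with `event.setCancelled(true);` on the line above `return;`, so a rejected message is dropped rather than relayed. The same branch in T2CapiAutoResponse (`t2c:aresp`) and T2CapiOpSecurity (`t2c:opsec`) has the identical shape and needs the same line. The handler method starts and ends outside the hunk, so check whether the event is already cancelled earlier in the method.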
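Review bot: The rejection line in the `t2c:aresp` guard of T2CapiAutoResponse is written once per blocked message, and the sending client decides how many it sends, so the console can be flooded; it also identifies the sender only by `event.getSender().toString()`. Log the first rejection per connection and count the rest, and include `event.getSender().getSocketAddress()` so the entry can be correlated with firewall and connection logs. T2CplmsgBcmd and T2CapiOpSecurity write the same line and would benefit equally. The surrounding method is not fully visible in this hunk.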
--- a/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/opSecurity/T2CapiOpSecurity.java
+++ b/src/main/java/net/t2code/t2codelib/BUNGEE/system/pluginMessaging/opSecurity/T2CapiOpSecurity.java
@@ -5,6 +5,8 @@ import net.md_5.bungee.api.connection.Server;
 import net.md_5.bungee.api.event.PluginMessageEvent;
 import net.md_5.bungee.api.plugin.Listener;
 import net.md_5.bungee.event.EventHandler;
+import net.t2code.t2codelib.BUNGEE.api.messages.T2CBsend;
+import net.t2code.t2codelib.Util;
 import java.io.*;
 import java.util.logging.Logger;
@@ -16,7 +18,7 @@ public class T2CapiOpSecurity implements Listener {
 if (event.getTag().equalsIgnoreCase("t2c:opsec")) {
 if (!(event.getSender() instanceof Server)) {
- ProxyServer.getInstance().getConsole().sendMessage("§c[Security] Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
+ T2CBsend.console(Util.getPrefix() +" [Exploit-protection] Blocked unauthorized plugin message from a player ("+ event.getSender().toString() +")!");
 return;
 }
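Review bot: The message added in the `t2c:opsec` guard of T2CapiOpSecurity is character-for-character the same as the one in T2CplmsgBcmd and T2CapiAutoResponse, so a console entry does not say which channel was probed. Name the channel in the text, for example `" [Exploit-protection] Blocked unauthorized plugin message on " + event.getTag() + " from a player ("`, or move the guard and its log line into one shared helper that takes the event and reports whether it was rejected. A single helper also keeps the three listeners from drifting apart when the check changes. The handler continues outside this hunk.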