Skip to content

Latest commit

 

History

History
15 lines (14 loc) · 1.17 KB

File metadata and controls

15 lines (14 loc) · 1.17 KB

🚨 Security-related features & adaptions

  • Added several security fixes/exploit patches known from other Call of Duty® games
  • Added g_banIPs dvar support (max. 63 IPs), for use with the addip, removeip and listip console commands
  • Added the possibility to prevent script code from reading and/or writing to cvars (protect console command)
  • Blocked the download of _svr_ (server-sided) .iwd files via direct server download
  • Blocked directory traversal possibilities via direct server download
  • Blocked the download of (stock) IW .iwd files via direct server download
  • Blocked the client console printentities command if cheats are disabled
  • Blocked leakage of script errors on server crash (see sv_genericServerErrorMessage dvar)
  • Added compile flag ENABLE_UNSAFE to toggle the availability of potentially unsafe script functions that would make it easy to harm the server with malicious mod or map scripts
  • Time-constant string comparison for server passwords
  • Fixed known issues with stock voting mechanism (g_allowVote dvar)
  • Fixed some bugs that resulted in server crashes, to improve server availability
  • Packet rate-limiting is always enabled in this fork