SmartFoxServer PRO Patch
IMPORTANT: SmartFoxServer 1.6.6 (Full Installer) is required. If you previously patched an earlier SmartFoxServer PRO with the 1.6.6 patch, this update will not work. Please install SmartFoxServer 1.6.6 from scratch before using this patch.
- Patched an attack scheme in which a client that disconnected while sending malformed packets could create one or more logged-in users when no server-side login credentials check is in place.
ALSO INCLUDED IN THIS PATCH
- Added more severe policy for malformed packets (XML, JSON and string based). Malformed requests will cause immediate client disconnection.
- Added checks for presence of ENTITY XML definitions.
- Added a disconnection thread pool to handle the event in parallel without blocking the socket-reader thread.
- Fixed important XML vulnerability.
- Fixed MD5 generation concurrency issue.
- Fixed an issue with possible wrong Room user counts.
- Fixed an issue with possible duplicate playerId in Game Rooms.
- Added new configurable limit for BuddyVariables value length: <maxBuddyVariableLen> (default = 255 chars), can be added in the BuddyList config block.
- Added new overloaded constructors for RoomVariables on the server side, similarly to UserVariable constructors.
- Added IP of client sending a malformed packet in the warning message.
- Added setTemp(boolean value) method to the Room class.
- Added Room object in spectatorSwitch and playerSwitch events on server side.
- Server side updates referencing Rooms not managed by the local RoomList no longer throw Error #1009.
- Improved error checking while looping over several aggregated messages.
- Connecting to a Server that is not running no longer fires a Security error.
- Fixed a bug causing ClassCastException when calling Room.getAllUsers() method.
- Fixed a bug in manually removing banned users from Admin Tool.
- Fixed a bug with representation of booleans in User/Room Variables that could lead to wrong values.
- Added support for forceLogin parameter in login method under Python server side framework.
- Fixed a bug with HTTP connection caching that could create potential problems with the BlueBox under specific circumstances.
- Modified AS2 API to avoid checkRoomList verification for sendXtMessage. Might create problems with provided examples.
- SecurityErrors in AS3 are now handled internally and traced to the console instead of letting the event bubble up.
- Fixed a bug causing an erratic NPE when removing IPs from IP filter.
- Fixed a bug with banned users cleaning mode MANUAL.
- Fixed a bug with removeBanishment server side method, failing to remove the banned user.
- Added creation of specific H2DB indexes to enhance performance for very large Buddy List databases (read note below).
- Fixed a bug in logging ActionScript exceptions, which could cause an NPE if the extension was cached.
- Fixed an issue that could fire an NPE when checking a stale AddBuddy Permission request.
- Fixed a possible concurrency issue when adding tasks to a Scheduler.
- Minor performance optimizations for concurrent code in Server controllers.
- Minor optimizations in resource saving in Server controllers.
- Changed the way multiple calls to getRoomList() affect the local API data. Now data is merged, instead of being overwritten. This should not affect any previous code.
- Fixed a compatibility issue with AS3 API and Linux Flash Player. The issue is due to a bug from Adobe, yet to be fixed in version 10 of the player.
- Fixed a bug in the AS2 API that would affect reconnection after the first attempt fails when the smartConnect feature is turned on.
The installation of the patch does not modify/alter your current BuddyList 2.0 database tables. It will only create the index on tables generated after the patch was installed. If you want to fix your current tables for better performance you can do it by following the simple instructions provided in this post from our support board: http://www.smartfoxserver.com/forums/viewtopic.php?p=22070#22070.
(c) 2017 GOTOANDPLAY snc -- All rights reserved --