Skip to content

v1.5.0

Latest

Choose a tag to compare

@Kaiede Kaiede released this 15 Jul 21:00
a676e07

New Tool Commands

It's now possible to run a few different commands from within the container:

  • bedrockifier restore
  • bedrockifier clear-host-keys
  • bedrockifier healthcheck
  • bedrockifier token
  • bedrockifier trigger-backup

You can now use the container directly to restore your worlds, reset the known host keys for SSH connections, perform a health check, get the HTTP token for development purposes, or trigger an immediate backup. The wiki contains more information on how to use these commands.

@AustinSaintAubin helped contribute much of bones of the restore command, which was then rolled into the CLI tool itself from his original shell script.

  • Unify Executables by @Kaiede in #178
  • Server-focused Commands (Restore, Clear Host Keys, Get HTTP Token) by @Kaiede in #179

Security Fixes

A static analysis revealed two potential security issues that have been fixed in this release:

  • A long-standing path traversal issue with world names, which fortunately wasn't easy to abuse. With the addition of the restore command, there are some avenues to abuse this if someone has write access to the backups, but not the MC server itself, or admin access to the containers. The result is that they could modify the MC server using a malicious backup, adding a malicious mod, modifying the OP list, etc. However, it still requires someone with admin access try to restore the backup using bedrockifier restore.

  • A timing attack on the HTTP token introduced in 1.4.0, which reduces the time required to brute-force the token. As the token is only used for triggering immediate backups currently, the impact is limited to a denial of service attack.

Removed Dependencies

Docker CLI and rcon-cli are no longer included in the image, instead being handled by the service directly. This saves around 25% of the image download size, on top of the savings in 1.4.1. This cuts down the raw image size by around half in total compared to 1.4.0.

Some smaller housekeeping was also done to reduce leakage of build-time tools into the final image. This should help improve the security posture of the container as a whole.

Dependencies

  • Update dependency hummingbird-project/hummingbird to from: "2.24.0" by @renovate[bot] in #183
  • Update dependency apple/swift-nio to from: "2.100.0" by @renovate[bot] in #181
  • Update dependency itzg/easy-add to v0.8.13 by @renovate[bot] in #180
  • Update dependency apple/swift-log to from: "1.12.1" by @renovate[bot] in #182
  • Update swift Docker tag to v6.3.2 by @renovate[bot] in #177

Full Changelog: v1.4.1...v1.5.0