Skip to content

0.2.0

Choose a tag to compare

@MagmaVRC MagmaVRC released this 04 Jun 17:35
67ce271

S2ModManager 0.2.0

Security

  • Reject unsafe PAK stem values in imported and P2P-received profiles, closing a path traversal (zip slip) that could write arbitrary files outside the mods folder.
  • Contain every materialized mod write to its target directory with a lexical containment guard, so no mod field can escape the Paks or UE4SS Mods folder.
  • Bound P2P handshake and manifest frame sizes before authentication, preventing unauthenticated peers from triggering huge allocations.
  • Cap received file sizes on the P2P transfer path.
  • All downloads are now HTTPS-only, including across redirects, preventing on-path downgrade attacks.
  • Verify the downloaded UE4SS archive against the SHA-256 digest GitHub reports before installing.
  • Cap the multithreaded LZMA decoder's memory at 1 GiB so a crafted stream cannot exhaust memory.
  • Only open http and https URLs in the browser; never hand other schemes to the shell.
  • Reject NTFS alternate-data-stream paths in shared profile file names.

Changed

  • HTTP and download requests now abort after 30 seconds of stalled transfer instead of hanging.
  • Duplicating a profile now copies compressed blobs directly instead of decompressing and recompressing, making large profile duplication much faster.
  • VFS commit reuses a single file handle for all on-disk reads instead of reopening per entry.
  • Toggling multiple mods at once now batches all toggles in a single frame.
  • SN2ModSettings dependency scan skips non-Lua mods and searches bytes in place, reducing startup time.
  • VFS entry lookup uses a hash map instead of a sorted tree.
  • Per-frame search, conflict detection, and row-key formatting are cached or allocation-free.
  • Deduplicated trim, lowerExt, and isPakSibling utilities into core/Paths.
  • Unified BundleModKind and ModType into a single ModKind enum.
  • Extracted shared PAK renumbering logic into ProfileStore::shiftPaksDown.
  • Config values are clamped and normalized on load.
  • Read-only string parameters across core and platform layers now take std::string_view instead of const std::string&, eliminating unnecessary heap allocations for callers passing literals or substrings.

Fixed

  • Fix an integer-overflow in the Data.dat index bounds check that a crafted store could slip past.
  • Make the Data.dat commit key its rewritten offsets by entry path instead of iteration position, removing a latent index-corruption hazard.
  • The Delete-key "Confirm Uninstall" dialog now actually opens (it was created in the wrong UI scope).
  • Generating a connection key no longer freezes the window while the firewall rule is created.
  • Warn when a PAK mod's companion files could not be copied during install.
  • Install PAK and UE4SS mods in a stable, sorted order so load-order numbering no longer varies by machine.
  • Warn when enabled PAK mods share the same pak name or enabled UE4SS mods target the same Mods folder.
  • Reject out-of-range octets when validating a typed or detected IPv4 address.
  • Serialize all profile-store access with a recursive mutex so a P2P receive or import worker can no longer race the UI thread and corrupt the in-memory library.