New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reject invalid orders from unvalidated clients. #14566

merged 1 commit into from Dec 23, 2017


None yet
3 participants

pchote commented Dec 23, 2017

This fixes an exploit that allows unsolicited and anonymous chat messages to be sent to a server. See from 1:45:30.

Thanks to @netnazgul for reporting this!

@pchote pchote added this to the Next release milestone Dec 23, 2017

@abcdefg30 abcdefg30 merged commit 4c64a37 into OpenRA:bleed Dec 23, 2017

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed

This comment has been minimized.

Show comment
Hide comment

abcdefg30 commented Dec 23, 2017

@pchote pchote deleted the pchote:fix-server-connection-exploit branch Apr 28, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment