Skip to content

v1.0.1 - Security Patch Release

Choose a tag to compare

@kalashnikxvxiii kalashnikxvxiii released this 05 Nov 23:10

Security Fixes 🔒

  • CVE-2025-24970 (Score 7.5): Fixed Netty SSL handler vulnerability by upgrading to 4.1.118.Final
  • CVE-2025-48924 (Score 5.3): Fixed Apache Commons Lang3 uncontrolled recursion vulnerability by upgrading to 3.18.0

Code Improvements 🛠️

  • Replaced deprecated @EventBusSubscriber with modern IEventBus registration
  • Migrated all console logging to SLF4J Logger for better log management
  • Removed redundant null checks and code quality improvements
  • Updated NeoForge from 21.1.209 to 21.1.213

Technical Details

This patch release adds Gradle dependency resolution strategies to force secure versions of transitive dependencies, ensuring all known vulnerabilities are addressed.