Skip to content

Releases: schooldevontop/MoontrixLogin

MoontrixLogin v1.5.0

Choose a tag to compare

@schooldevontop schooldevontop released this 19 Feb 16:18
ee6f834

Stable release with major compatibility and deployment improvements.

Highlights

  • Finalized version 1.5.0 (removed beta labeling in build metadata).
  • Added full admin subcommands under /moontrixlogin:
    • force_login
    • force_logout
    • info
    • reload
  • Added runtime hot-reload support for key modules:
    • security
    • antiBot
    • mail
    • rememberMe/JWT
    • listeners + command rebinding

Compatibility

  • Declared support for Bukkit ecosystem variants:
    • Bukkit
    • Spigot
    • Paper
    • Purpur
    • Pufferfish
    • Folia
  • Added compatibility matrix CI with API profiles across JDK versions.
  • Added runtime smoke-test workflow for:
    • Paper
    • Purpur
    • Folia (runtime job currently pinned to 1.20.1)

Java Target Refactor

  • Refactored project to Java 8 target bytecode.
  • Updated dependencies to Java 8-compatible versions.
  • Removed Java 11+/16+ language/API usage:
    • record, var, pattern matching instanceof
    • String.isBlank, Optional.isEmpty, Map.of, CompletableFuture.failedFuture
    • java.net.http migrated to HttpURLConnection

Security / Stability

  • Hardened AbuseIPDB integration:
    • fail-open behavior on timeout/rate-limit/errors
    • backoff caching
    • duplicate-refresh protection
  • Improved reload observability with detailed per-module logs.
  • Added explicit config guidance for required MOONTRIX_JWT_SECRET.

Localization

  • Added dual-language message support via config:
    • language: "en" or language: "vi"
  • Message loader now resolves language file dynamically with fallback to English.

Templates & Resources

  • Removed deprecated root email templates.
  • Upgraded active templates in templates/ with professional HTML/CSS styling.
  • Cleaned old artifacts and standardized packaged output naming.

Notes

  • If upgrading from older releases, review config.yml for new/updated keys (especially language and antiBot/AbuseIPDB options).
  • For CI/runtime claims, see workflows:
    • compat-matrix.yml
    • runtime-smoke.yml

MoontrixLogin v1.5.0-beta

Choose a tag to compare

@schooldevontop schooldevontop released this 14 Feb 04:27
62f0d4a

Major beta update focused on security hardening, runtime compatibility, and operational reliability.

Highlights

  • Security architecture significantly upgraded.
  • Runtime compatibility target extended to 1.8 -> 1.21.11.
  • Improved session protection, brute-force defense, and secret management.

Added

  • Remember Me login with signed JWT:
    • /login <password> [totp] [remember]
  • Multi-factor session validation:
    • IP prefix
    • Device fingerprint
    • JWT claim verification
  • Runtime server version compatibility logging:
    • explicit logs for legacy, supported, and newer-than-tested versions
  • Secret reference support in config:
    • ${ENV:...}
    • ${AES_GCM:...}
    • ${VAULT:path#field}
  • Anti-bot upgrades:
    • adaptive CAPTCHA
    • device fingerprint failure tracking
    • optional AbuseIPDB reputation checks
  • Security automation:
    • OWASP dependency-check integration
    • Dependabot configuration
    • security workflow updates

Changed

  • Caffeine caching integrated and tuned for high-load usage.
  • HikariCP pool tuning improved:
    • pool sizing
    • keepalive
    • timeout tuning
    • leak detection
    • high-usage warning logs
  • Remember token persistence upgraded:
    • stored in remember-tokens.properties
    • encrypted at rest (AES-GCM) when JWT secret is configured
    • unreadable token file is quarantined (.invalid-<timestamp>)
  • Plugin metadata updated to version 1.5.0-beta.

Security

  • Plaintext secrets are no longer the recommended path.
  • Secret reference resolution is now fail-fast with explicit startup logs.
  • Progressive brute-force lock schedule:
    • 1h -> 24h -> 7d -> permanent
  • Stricter session invalidation on context mismatch.

Compatibility

  • Legacy-compatible API baseline adopted.
  • plugin.yml no longer hard-locks modern api-version.
  • Target server range: Spigot/Paper/Purpur 1.8 to 1.21.11.

Upgrade Notes

  • Set a strong JWT secret before enabling remember-me.
  • Rotating JWT secret invalidates existing remember tokens by design.
  • Review updated config and hardening docs:
    • src/main/resources/config.yml
    • docs/HARDENING_GUIDE.md

MoontrixLogin v1.0.0 – Initial Release

Choose a tag to compare

@schooldevontop schooldevontop released this 12 Feb 08:12
8f25350

MoontrixLogin v1.0.0

Initial public release.

Highlights

  • Secure authentication with BCrypt
  • Session tracking with IP/UUID validation
  • Anti-bot & brute-force protection
  • MySQL and SQLite support
  • Email verification & password recovery
  • Optional TOTP (2FA) and captcha
  • Configurable messages and rules

Technical

  • API Version: 1.21.x
  • Compatible: Spigot / Paper / Purpur / Folia
  • Requires Java 21+

Notes

  • Always back up your database before updating.