MyAAC v1.9.1

[slawkens]

I found another security vulnerability, probably one of the last.
It was in install script.
If you don't have install/ip.txt, or if you removed the whole install folder - you are safe.
You can also apply this patch - 8e7cb12
In worst scenario it allows to give admin rights to the specific account.
So check your accounts table to see if you are already compromised - search for web_flags = 3.

Full changelog:

Added

• New Setting: Require Vowels for character name (41272b3)

Fixed

• Don't trust cloudflare IP, can be spoofed (8e7cb12)
• Rewrite how install works, to prevent unauthorized access (f408663)

Updated

• Update clients list to include 15.10 & 15.11 (cc9c607)

---

This discussion was created from the release MyAAC v1.9.1.