Skip to content

TShock 4.5.18
Compare
Choose a tag to compare
@hakusaro hakusaro released this 17 Aug 04:04
· 542 commits to general-devel since this release
v4.5.18
1d4d19f

This version of TShock for Terraria adds updated and improved handling of SendTileRectangle packets. The previous approach acted on a "denylist" basis. That is to say, it attempted to parse out which actions were invalid, and denied based on patterns that matched that. Based on a cheating client that was recently released, @punchready implemented an alternative system, based on an allowlist approach. This approach, in contrast to the prior approach, only permits SendTileRectangle placements that specifically exist in the game, based on hand-analysis of the game logic. If you encounter any normal gameplay situations that render these fixes problematic, please send us a report. This should dramatically increase serverside security and prevent a host of exploits affecting TShock. Also included in this patch is a fix for an exploit that allowed users to place ice tiles in protected regions. This was revealed by a cheat developer to be a method for griefing some public servers with spawn protection.

Notable changes in this version

  • Fixed TSPlayer.GiveItem not working if the player is in lava. (@gohjoseph)
  • Only allow using Teleportation Potions, Magic Conch, and Demon Conch whilst holding them. (@drunderscore)
  • Updated server startup language to be more clear when encountering a fatal startup error. Now, the server gives more context as to what happened so that there's a better chance of people being able to help themselves. (@hakusaro)
  • Added -worldevil <type> command line argument (@NotGeri)
  • Added PlayerHasBuildPermission hook to PlayerHooks. (@AnzhelikaO, @Killia0)
  • Fixed an exploit in which the Ice Block deletion allowance from the Ice Rod bypassed region protection, allowing for deleting all tiles in a protected region and/or replacing them with Ice Blocks. (@punchready)
  • Changed SendTileRect handling from a denylist to an allowlist with stricter checks. This prevents essentially all exploits involving this packet. Most notably this stops people from placing arbitrary tiles with arbitrary framing values, which are the root of most exploits. (@punchready)
  • Removed the config options TileRectangleSizeThreshold and KickOnTileRectangleSizeThresholdBroken because they are made obsolete by the new system, which will only allow valid rectangle sizes (at a maximum of only 4 by 4 tiles in 1.4.3.6). (@punchready)
  • Bumped Newtonsoft Json to 13.0.1. (@dependabot)

Upgrading

To upgrade TShock, replace all of the files in the location of your server installation with all of the files from the release zip we provide. Overwrite all files. No data will be lost.

Contributors

hakusaro, drunderscore, and 5 other contributors
Assets 3
Loading
6 Join discussion