Crucible

This is an automatic build targeting the commit 5dd5521e1ad9750ab2c6a965053a2407d0417758

This is an automatic build targeting the commit 654d44b3190fdcbe3fc4690149cb0059410e7ec2

This is an automatic build targeting the commit 1e4bebaf125bd172b4a63e8794b9c782430df10f

This is an automatic build targeting the commit c1889d224d8222be112668e53c1f77e3b02aed1e

This is an automatic build targeting the commit 6caa753532df8a2b84c5c3f1850b689d300bde9e

About Crucible Reflux

Crucible Reflux is an alternative Crucible release designed to be a drop-in replacement for Thermos, requiring little to no effort for server owners to receive important bug fixes on long-running Thermos servers, Reflux will only accept bug fixes that does not change well known Thermos behavior most people will likely depend on.
Reflux releases will always be marked as pre-release so they don't take priority display over normal Crucible releases.
Like Crucible, Reflux is a standalone jar that will automatically set up its libraries.

Changes over Thermos

• Fixed CVE-2021-35054
• Fixed CVE-2021-44228
• Fixed ClassCastException on ContainerPlayer if the crafter is not a player
• Fixed NullPointerException when an ip-banned player attempts to join the server
• Fixed Villages loading chunks when checking for doors
• Fixed dropper crash with OpenBlocks
• Fixed writable books
• Added Openj9 support
• Removed Thermos update checker
• Removed Forge update checker

Changes over the last release:

• Fixed java.lang.VerifyError: Expecting a stackmap frame on coremods targeting Minecraft classes without recalculating the stackmap.
• Added library manager. Crucible is now a standalone server jar and will automatically set up its libraries like other bukkit-based servers. This feature can be disabled with -Dcrucible.skipLibraryVerification=true.

Commits

• 4eab54a: Revert "Revert "Add function to merge NBTTagCompound, its present on modern versions, it might help compatibility with a few plugins."" (Pétrus Pradella)

Changes over the last release:

• Fix for CVE-2021-44228: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Fix severe exploit with log4j https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

A selected collection of non-breaking features from the dev branch as a drop in update over the previous 5.X versions. Remember to update your libraries as well!

Changes over the last release:

• Fixed crash with RecurrentComplex (#41)
• Allow unsafe server icons (#38) - Please don't use that
• Added configuration option to prevent grass from loading chunks
• Fixed crash with server wrappers
• Fixed block reach on block placement (#61)
• Less console pollution for fresh servers (#53)
• Fixed server freezing with Streams mod
• Removed forge version check

Changes over the last release:

• Fix for CVE-2021-35054: Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files.