Difference between revisions of "Older News"
| Line 1: | Line 1: | ||
| + | ==June== | ||
| + | ===Wesnoth 1.12.4, 1.13.1, and Security Advisory=== | ||
| + | ''Monday, June 29 2015'' | ||
| + | |||
| + | <b>Wesnoth 1.12.4</b> — a maintenance release for the stable 1.12.x series — and <b>Wesnoth 1.13.1</b> — the second 1.13.x development release — are now available. Both include various fixes and improvements made since the previous releases, as well as a fix for an important security vulnerability which allows a malicious user to steal add-on upload credentials. <b style="color:#F00">We urge content authors using <u>any previous version</u> to upgrade immediately.</b> | ||
| + | |||
| + | Check the respective forum threads for these releases for a list of the most notable changes in both versions: | ||
| + | |||
| + | * [http://forums.wesnoth.org/viewtopic.php?t=42775 Wesnoth 1.12.4] — maintenance release | ||
| + | * [http://forums.wesnoth.org/viewtopic.php?t=42774 Wesnoth 1.13.1] — development release | ||
| + | |||
| + | See also our [http://forums.wesnoth.org/viewtopic.php?t=42776 security advisory] for previous versions. | ||
| + | |||
| + | The source code and the Windows installer files for both versions are already available on the [[Download#Stable_.281.12_branch.29|downloads page]]. You may also find packages for other platforms there as they become available. | ||
| + | |||
| + | ===About Add-on Passphrase Security=== | ||
| + | ''Thursday, June 11 2015'' | ||
| + | |||
| + | Content creators who have published user-made add-ons to the Wesnoth add-ons server are surely aware that we currently use a very primitive authentication mechanism that works on a per-add-on basis. An uploader-defined passphrase is provided in the add-on’s [[PblWML|<code>.pbl</code> file]] and this is matched against the add-ons server’s records. | ||
| + | |||
| + | What is not necessarily obvious is that the passphrase is stored in clear text form not only on the client’s side, but also on the server. This means that any person with access to the server configuration can see every add-on’s passphrase in a human-readable format that makes it trivial for it to be stolen. Furthermore, it is also possible for add-ons to obtain add-on passphrases from the client and transmit them over the network. Because of this, we advise content uploaders to use unique passphrases for their content and <b>never reuse an existing password</b> that could grant a malicious party access to their systems or other sites. Also, in order to prevent vandalism, we suggest either using hard-to-guess passphrases, or leaving the passphrase field blank or omitting it altogether when first uploading an add-on so that the add-ons client will generate and save a random one instead. | ||
| + | |||
| + | People who suspect they may be using insecure passphrases for their add-ons should [http://forums.wesnoth.org/ucp.php?i=pm&mode=compose&g=6641 send a private message] to the Forum Administrators group to request changing passphrases; or use the command-line add-ons client with the following parameters if possible, substituting the text within brackets and replacing <code>1.12.x</code> with <code>1.13.x</code> or <code>1.10.x</code> if applicable: | ||
| + | |||
| + | wesnoth_addon_manager -p 1.12.x --change-passphrase <Addon_Folder_Name> <old passphrase> <new passphrase> | ||
| + | |||
==April== | ==April== | ||
| + | ===Wesnoth 1.13.0: Development Release=== | ||
| + | ''Monday, April 20 2015'' | ||
| + | |||
| + | The first release of the new development series, <b>Wesnoth 1.13.0</b>, is now available. Check the [http://forums.wesnoth.org/viewtopic.php?t=41918 forum thread] for a list of the most notable changes in this version. | ||
| + | |||
| + | As on previous occasions, we also offer two versions of the changelog: a trimmed-down [https://raw.github.com/wesnoth/wesnoth/1.13.0/players_changelog players changelog] including only those items considered to be relevant in regular gameplay, and a more technical [https://raw.github.com/wesnoth/wesnoth/1.13.0/changelog full changelog] for enthusiasts and content creators. Be warned that both changelogs are <b>extremely</b> long this time around, since this is the very first development release in the series and many changes have piled up since 1.12 beta 2 (version 1.11.11) was released. | ||
| + | |||
| + | The source code and the Windows installer are already available on the [[Download#Development_.281.13_branch.29|downloads page]]. You may also find packages for other platforms there as they become available. | ||
| + | |||
| + | Bear in mind that this is a development version — as such, it is likely to include a lot of new bugs, some of which are already listed in the release notes. If you encounter other issues, make sure to [[ReportingBugs|report them]] to us so they can be fixed for future releases. | ||
| + | |||
| + | You may [http://forums.wesnoth.org/viewtopic.php?t=41918 comment] on this release in the forums. | ||
| + | |||
===Wesnoth 1.12.2: Maintenance Release & Security Advisory=== | ===Wesnoth 1.12.2: Maintenance Release & Security Advisory=== | ||
''Saturday, April 11 2015'' | ''Saturday, April 11 2015'' | ||
Revision as of 04:30, 8 July 2015
Contents
June
Wesnoth 1.12.4, 1.13.1, and Security Advisory
Monday, June 29 2015
Wesnoth 1.12.4 — a maintenance release for the stable 1.12.x series — and Wesnoth 1.13.1 — the second 1.13.x development release — are now available. Both include various fixes and improvements made since the previous releases, as well as a fix for an important security vulnerability which allows a malicious user to steal add-on upload credentials. We urge content authors using any previous version to upgrade immediately.
Check the respective forum threads for these releases for a list of the most notable changes in both versions:
- Wesnoth 1.12.4 — maintenance release
- Wesnoth 1.13.1 — development release
See also our security advisory for previous versions.
The source code and the Windows installer files for both versions are already available on the downloads page. You may also find packages for other platforms there as they become available.
About Add-on Passphrase Security
Thursday, June 11 2015
Content creators who have published user-made add-ons to the Wesnoth add-ons server are surely aware that we currently use a very primitive authentication mechanism that works on a per-add-on basis. An uploader-defined passphrase is provided in the add-on’s .pbl file and this is matched against the add-ons server’s records.
What is not necessarily obvious is that the passphrase is stored in clear text form not only on the client’s side, but also on the server. This means that any person with access to the server configuration can see every add-on’s passphrase in a human-readable format that makes it trivial for it to be stolen. Furthermore, it is also possible for add-ons to obtain add-on passphrases from the client and transmit them over the network. Because of this, we advise content uploaders to use unique passphrases for their content and never reuse an existing password that could grant a malicious party access to their systems or other sites. Also, in order to prevent vandalism, we suggest either using hard-to-guess passphrases, or leaving the passphrase field blank or omitting it altogether when first uploading an add-on so that the add-ons client will generate and save a random one instead.
People who suspect they may be using insecure passphrases for their add-ons should send a private message to the Forum Administrators group to request changing passphrases; or use the command-line add-ons client with the following parameters if possible, substituting the text within brackets and replacing 1.12.x with 1.13.x or 1.10.x if applicable:
wesnoth_addon_manager -p 1.12.x --change-passphrase <Addon_Folder_Name> <old passphrase> <new passphrase>
April
Wesnoth 1.13.0: Development Release
Monday, April 20 2015
The first release of the new development series, Wesnoth 1.13.0, is now available. Check the forum thread for a list of the most notable changes in this version.
As on previous occasions, we also offer two versions of the changelog: a trimmed-down players changelog including only those items considered to be relevant in regular gameplay, and a more technical full changelog for enthusiasts and content creators. Be warned that both changelogs are extremely long this time around, since this is the very first development release in the series and many changes have piled up since 1.12 beta 2 (version 1.11.11) was released.
The source code and the Windows installer are already available on the downloads page. You may also find packages for other platforms there as they become available.
Bear in mind that this is a development version — as such, it is likely to include a lot of new bugs, some of which are already listed in the release notes. If you encounter other issues, make sure to report them to us so they can be fixed for future releases.
You may comment on this release in the forums.
Wesnoth 1.12.2: Maintenance Release & Security Advisory
Saturday, April 11 2015
Wesnoth 1.12.2 is now available. This is a maintenance release for the stable 1.12.x series including a critical security fix, as well as an assortment of other bug fixes and improvements over version 1.12.1.
We urge users of all previous versions to upgrade immediately.
Check the forum thread for a list of the most notable changes in this version, and the security advisory for previous versions.
As usual, we also offer two versions of the changelog: a trimmed-down players changelog including only those items considered to be relevant in regular gameplay, and a more technical full changelog for enthusiasts and content creators.
The source code, Windows, Apple OS X, and OpenPandora packages are already available on the downloads page. You may also find packages for other platforms there as they become available.
You may comment on this release in the forums.
January
Wesnoth 1.12.1: Maintenance Release
Sunday, January 25 2015
Wesnoth 1.12.1 is now available. This is a maintenance release for the stable 1.12.x series and, as such, it delivers an assortment of bug fixes and other improvements over version 1.12.0. Check the forum thread for a list of the most notable changes in this version.
As on previous occasions, we also offer two versions of the changelog: a trimmed-down players changelog including only those items considered to be relevant in regular gameplay, and a more technical full changelog for enthusiasts and content creators.
The source code, Windows, and Apple OS X packages are already available on the downloads page. You may also find packages for other platforms there as they become available.
You may comment on this release in the forums.