1.23.0 - New firework lag exploit

• Prevent fireworks from entering portals, a new exploit was found that can bring servers to single digit tps simply by igniting fireworks inside a portal.

PreventFireworksInPortals: true # Patches lag exploit

• Add option to limit elytra speed at spawn. (#48)

# Spawn elytra settings
ElytraAtSpawn:
  Enabled: false
  SpeedOldChunks: 1.0
  SpeedNewChunks: 0.8
  Radius: 3000

1.22.0 - Custom Chunk Ban Blocks & Fixes

• Added CustomMaxPerChunk for chunk ban prevention, This will allow you to add any block you wish to be limited per chunk.

CustomMaxPerChunk: # CUSTOM block chunk limit configuration - SPIGOT ITEM NAMES!! FIND ON https://papermc.io/javadocs/paper/1.12/org/bukkit/Material.html
  BARRIER: 5

• Fixed some errors with "temporary players" from protocollib.
• Fixed some performance problems with Physics event, not fully fixed, but I now cache TPS checks, so most lag should be gone.

1.21.2 - 1.18 hotfix - Fix minimum height limit.

• Check if height limit is 0 or -64 for 1.18. To allow player to go below Y=0.

1.21.1 - Remove log4j exploit fix

• Removed client side log4j exploit fix due to problems with death messages and interference with other plugins, I don't have time for this because I have a life. I recommend using Log4jFix instead. It's not much of a deal anymore as most clients have already updated. Make sure you are using Papaya or mojang's fix to patch the server sided exploit.

1.21.0 - Prevent RCE exploit clientside

• Block all messages from reaching players if they contain ${ this should hopefully prevent any clients from running code from the recently found log4j remote code vulnerability. MAKE SURE TO USE Papaya FOR SERVER SIDE OR YOU COULD POSSIBLY BE BACKDOORED!

PreventRCEClientSideExploit: true # CLIENTSIDE ONLY - SERVER IS STILL VULNERABLE Blocks all messages containing "${" make sure you are using mojang's patch (https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) or updated Papaya to patch this exploit on the server side, OTHERWISE YOU CAN BE BACKDOORED.

• Add a reminder warning every minute to install ProtocolLib since it's essential. Specify in config.yml to disable protocollib completely to remove this message, but protocollib is required to patch many exploits.
• Add a list of commands that will have the antispam activated for them. Useful if you don't want to have the antispam active on non chat commands. (#43)

AntiSpamCommandsUseWhitelist: false
AntiSpamCommandsWhitelist:
  - /msg
  - /message
  - /r
  - /reply
  - /w
  - /whisper
  - /tell

• Add max skulls per chunk config option, useful if you have lots of skulls getting stuck in one chunk and lagging/freezing the server.

MaxSkullsPerChunk: 50

1.20.1 - Fix BowBomb Bypass

• Fix bowbomb bypass by using spectral arrows.
• Add BannedRegex config option. Allows you to have infinite customizability for blocking messages.

BannedRegex:
  - "^This is a(.*)banned message" # Prevents any message that starts with "This is a" and ends with "banned message"

1.20.0 - Prevent invalid usernames

Read the last release notes if you haven't already updated.

• Prevent invalid usernames with characters that aren't A-Z, a-z, _, numbers, or are too long (> 16), or too short (<1)

PreventInvalidNames: true # Prevent names with characters that are non letters, numbers, or underscores, or too long/too short.

1.19.0 - BowBomb exploit patch

Read the last release notes if you haven't already updated.

• Add BowBomb patch, server owners have tested this patch and has shown great results. (#40)

PreventBowBombExploit: true # Please report any problems in GitHub/Discord.
MaxBowSquaredVelocity: 15 # Fully pulled bow is ~9-10. 15 is default just to be safe.

• Finally increment version to 1.19.0, releases from now on will be 1.X.0 when there's a new exploit.

1.18.21 - Fixes for 1.17 & Disable Any Class

• Fix all(?) errors that happen on newer versions. One caveat with the Packetfly and boatfly patch on 1.17 is players won't be able to load any new chunks after using the exploit unless they relog, it's not that big of a deal. Note that the NoCom bypass patch is disabled on non 1.12 because it still causes errors, I believe this is already patched in newer Paper versions anyway. (#33)

• Add config list to disable any class you want! Useful if you are having problems with specific classes or would like the negligible performance improvement of not needing to register events in the class.

# Disable certain classes - Semi advanced users only. Useful if you are having problems with specific classes or would like the negligible performance improvement of not needing to register events in the class.
# Caps SENSITIVE - To disable ProtocolLib, set DisableAllProtocolLib to true.
DisabledClasses:
  - "TestClass" # MUST BE CORRECT CAPITALS, CHECK SOURCE CODE, ERROR MESSAGES, OR TIMINGS REPORTS FOR CLASS NAMES.

• Update ProtocolLib in maven

Please let me know if you have any problems on Discord or in the GitHub issues tracker.

1.18.20 - NoCom bypass

Read the last release notes if you haven't already updated.

• Prevent supposed nocom bypass, check Use item packet as well.