SerializationIsBad


Can't log into server - don't know how this patch was installed in the first place

Plisko1 opened this issue · 10 comments

commented

My server was working fine last night. We tried to log in this morning and everyone is getting this message:

java.lang.NullPointerException: Cannot invoke "io.dogboy.serializationisbad.core.config.PatchModule.getClassAllowlist()" because "this.patchModule" is null

I am honestly not sure how serializationisbad.jar got put in my server's mod folder but I also can't remove it. When I remove it and then restart my server it is re-installed. Who is doing this? Is this Bisect Hosting doing this or is it being auto-patched by Forge somehow? The thing that is invading my server and messing it up without permission... is this patch... ironically. We are a 5 person, private, whitelisted, server... do we even need this?

I understand the problem you are trying to solve... and I appreciate that... but what solves this problem?

commented

Uhm.. while we were initially in contact with some parties about automatic inclusion of this patch after approval of the user, nobody mentioned to us that that was actually implemented so I'm a little bit confused about that part as well. We're definitely not persisting that in some way.

EDIT: nvm, thank you @BisectStudios for clarification!

> We are a 5 person, private, whitelisted, server... do we even need this?

If anyone on the server can be trusted, then I would probably say no, but it also shouldn't hurt having it on the server just as a precautionary measure (at least if that bug is solved)

Regarding that exception, do you have a full stacktrace for me so we can look at that bug?

commented

We have pushed this to all packs on our systems that are potentially affected to ensure customers are safe from this exploit. If you are having issues logging in, please create a support ticket and we will get this looked into and disabled for you!

-BisectHosting

commented

Thanks for the quick support guys!

commented

Checked on this customer's server - Looks like there is no stacktrace unfortunately, just shows the attached error.

This is on Forge 1.19.3, I will leave it up to @Plisko1 to share their mods they are using as I don't want to share too much as it's their server.

@Plisko1 I have disabled the mod on your server for now! :)

commented

@dogboy21 Same issue on the Techopolis 2 pack if you needed a pack for testing it - https://www.curseforge.com/minecraft/modpacks/techopolis-2

commented

@BisectStudios I am having the same issue for no reason
again a small whitelisted server w 3 players. This is really annoying, especially for people who don't know how to find this thread.

commented

@OtherMongrel To disable it, rename the file to "serializationisbad-1.3.jar.d", an announcement will be going up shortly in regards to this also within the control panels, apologies for the issues here. As this is a pretty major issue security wise, we wanted to roll out a fix as soon as possible to ensure customers using our services are protected.

commented

@BisectStudios thank you for disabling it. I have a copy saved and I will try to integrate it back in if I can... or if this issue is resolved. In the future I wonder if it is possible to let me opt into something like this? I understand the urgent need... but mods are so flakey together at times... it is nice to know when a hammer might drop... if you know what I mean?

@dogboy21 I will help if I can. Will the latest log help? I am attaching it to this post. This is a custom mod server we have been slowly adding mods to over time. I just recently added a bunch more and updated everything to the latest 1.19.3 versions for Forge. 44.1.23. We are now in the process of putting the new pack through its paces and new versions and sorting through various issues.

latest (1).log

commented

@Plisko1 Yes, that helped, thank you!
After looking at the log, this seems to be related to #30 since it's the only mod that got patched in your pack.
We're now looking into that problem as well.

commented

Should be fixed with version 1.4