SerializationIsBad

LanteaCraft listed, likely shouldn't be?

CaitlynMainer opened this issue · 6 comments

commented

LanteaCraft is linked along with SGCraft, but LanteaCraft forked SGCraft in 1.6.4 and was totally rewritten very soon after; the classes you are patching do not exist in LanteaCraft.

Our repo is here: https://github.com/PC-Logix/LanteaCraft I've checked and cannot find any references to "ObjectInputStream" in any of LanteaCraft code. It's possible this existed long, long ago, but any builds based on the original SGCraft before our full rewrite were removed from CurseForge ~9 years ago.

If I am missing anything in the current LanteaCraft source please let me know, and I'll re-work the code as needed.
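The check described in this comment, looking through a mod's compiled classes for any reference to `ObjectInputStream`, can be automated against a built jar rather than the source tree. The script below is an added example and is not code from the SerializationIsBad project or the LanteaCraft repository; the jar it scans is constructed in memory with made-up class names, and the class entries are only placeholder bytes carrying the constant-pool strings the scan looks for. It matches both the JVM-internal name `java/io/ObjectInputStream` (what a direct `new ObjectInputStream(...)` compiles to) and the dotted `java.io.ObjectInputStream` (what a reflective lookup would carry as a string literal).

```python
"""Triage a mod jar for java.io.ObjectInputStream references.

Added example, not part of SerializationIsBad or LanteaCraft. A hit means the
class deserializes Java objects and deserves manual review; no hit is only a
first-pass result, because a class can still reach ObjectInputStream through
a subclass or a wrapper library whose own bytes live elsewhere.
"""
import io
import zipfile

# Both spellings as they appear in a class file's constant pool.
OIS_PATTERNS = (b"java/io/ObjectInputStream", b"java.io.ObjectInputStream")


def find_ois_references(jar_bytes: bytes) -> list[str]:
    """Return the names of .class entries that reference ObjectInputStream."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if not info.filename.endswith(".class"):
                continue  # manifests, assets and other resources are skipped
            data = jar.read(info.filename)
            if any(pattern in data for pattern in OIS_PATTERNS):
                hits.append(info.filename)
    return sorted(hits)


def build_sample_jar() -> bytes:
    """Construct a fake jar: one class that touches ObjectInputStream, one that does not.

    The entries are not valid class files (only the magic number and a few
    constant-pool strings); the package and class names are made up.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(
            "example/net/PacketHandler.class",
            b"\xca\xfe\xba\xbe" + b"java/io/ObjectInputStream" + b"readObject",
        )
        jar.writestr(
            "example/block/StargateBlock.class",
            b"\xca\xfe\xba\xbe" + b"java/io/DataInputStream" + b"readInt",
        )
        jar.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_ois_references(build_sample_jar()):
        print("ObjectInputStream referenced by", name)
```

Running it against a real build means replacing `build_sample_jar()` with the bytes of the jar under review; the scan is read-only and does not load any class.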

commented

While it looks like there's no use of OIS in the current master branch of the linked GitHub repo, I know that at least LanteaCraft-0.1.0-forge9.11.1.933-snapshot-82.jar was vulnerable to this.

If you have any insights on what version that issue was patched, we can definitely add it to our affected mods list!

commented

Thank you, that file should have been removed when all of the older ones were. This would have been fixed in any of the post-rewrite files, so anything LanteaCraft-RC1-23.jar or newer; the entire mod was rewritten at this point. I have deleted the affected version from CurseForge (after archiving the jar locally for reference).

commented

Great, thank you so much!

commented

Yeah I just saw that the oldest version on Curse is the one you mentioned and it looks good.

We got access to that file because of a cooperation with ATLauncher which enabled us to check all uploaded files on there in the last 10 years.

But we will definitely add a note on that in the affected mods list so everybody knows that >RC1-23 is fixed.

@Aiidoneus do you want to change that? I experience severe anxiety just from looking at that markdown file :D

commented

@CaitlynMainer I pushed a fix for this. Can you let me know if the information on the page is correct please?
https://github.com/dogboy21/serializationisbad/blob/master/docs/mods.md

commented

Looks good to me. Thank you again for the prompt responses!