First of all, huge thanks to everyone who has helped work on this, document it, and protect so many people playing modded Minecraft.

Would it be possible to get an option that disables the remote config pulling, and only runs with a local config file?

For the security conscious, adding a reliance on a remote json file is quite worrying, especially if that is ever compromised and classes that shouldn't be patched start getting patched, etc. An option to disable this entirely and only run with a local config file would be hugely appreciated.

Hi, thank you for your feedback!

We already discussed that option internally a few days ago because I definitely understand that problem/usecase.

I will add a local config file that allows to disable the remote config completely as well as an option to specify a custom URL to fetch the remote config from in one of the next versions.

Does that fully meet your requirements or do you need something else as well?

That would be a great solution, thank you, and would provide everything that we need. 😃

Please try this out and let us know if it all working as you want it. https://github.com/dogboy21/serializationisbad/releases/tag/1.4

This appears to be working as expected - thank you so much for the quick implementation! ❤

Sounds good! Let us know if you have any other issues.