Commit Graph

4626 Commits

Author SHA1 Message Date
dependabot-preview[bot]
4d82a1a8ae Bump org.sonarqube from 3.1 to 3.1.1 in /Plan
Bumps org.sonarqube from 3.1 to 3.1.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-26 05:27:33 +00:00
dependabot-preview[bot]
d73d16b609 Bump HikariCP from 4.0.0 to 4.0.1 in /Plan
Bumps [HikariCP](https://github.com/brettwooldridge/HikariCP) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/brettwooldridge/HikariCP/releases)
- [Changelog](https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES)
- [Commits](https://github.com/brettwooldridge/HikariCP/compare/HikariCP-4.0.0...HikariCP-4.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-26 05:27:21 +00:00
dependabot-preview[bot]
1e0f875897 Bump bstatsVersion from 1.8 to 2.1.0 in /Plan (#1720)
* Bump bstatsVersion from 1.8 to 2.1.0 in /Plan

Bumps `bstatsVersion` from 1.8 to 2.1.0.

Updates `bstats-bukkit` from 1.8 to 2.1.0
- [Release notes](https://github.com/Bastian/bStats-Metrics/releases)
- [Commits](https://github.com/Bastian/bStats-Metrics/commits/v2.1.0)

Updates `bstats-sponge` from 1.8 to 2.1.0
- [Release notes](https://github.com/Bastian/bStats-Metrics/releases)
- [Commits](https://github.com/Bastian/bStats-Metrics/commits/v2.1.0)

Updates `bstats-bungeecord` from 1.8 to 2.1.0
- [Release notes](https://github.com/Bastian/bStats-Metrics/releases)
- [Commits](https://github.com/Bastian/bStats-Metrics/commits/v2.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Updated metrics imports

* Relocate Sponge bstats metrics

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Risto Lahtela <24460436+Rsl1122@users.noreply.github.com>
2021-01-25 12:09:36 +02:00
dependabot-preview[bot]
4871d524f7 Bump HikariCP from 3.4.5 to 4.0.0 in /Plan
Bumps [HikariCP](https://github.com/brettwooldridge/HikariCP) from 3.4.5 to 4.0.0.
- [Release notes](https://github.com/brettwooldridge/HikariCP/releases)
- [Changelog](https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES)
- [Commits](https://github.com/brettwooldridge/HikariCP/compare/HikariCP-3.4.5...HikariCP-4.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-25 09:36:18 +00:00
Risto Lahtela
e26a272e60 Fixed TPS Storage test 2021-01-25 11:26:30 +02:00
Risto Lahtela
4085ae310a Fixed TPS Storage test 2021-01-25 11:12:41 +02:00
Risto Lahtela
ccd492c052 Reduced the performance graph size
Reduced resolution of data:
- Last 30 days: Full resolution (1 per minute)
- Last 60 - 30 days: 1 per 5 minutes
- 60+ days old: 1 per 20 minutes
Effect:
- Reduced /v1/graphs?type=performance size from 21 MB to 9.15 MB (126k rows in database)

Added new endpoint /v1/graphs?type=optimizedPerformance that doesn't parse series separately
- Sends a single array of arrays instead of one array for each series
  - Added a parseDataSeries to graphs.js that translates the data
Effect:
- Reduced from 9.15 MB to 3.35 MB
- Moved some workload to the browser

Affects issues:
- Fixed #1622
2021-01-24 17:40:30 +02:00
Risto Lahtela
f14dfe7a7c Added a setting to allow X-Forwarded-For to be used for IP security
Affects following features:
- IP Whitelist
- Password bruteforce guard

Affects issues:
- Close #1716
2021-01-24 15:59:50 +02:00
Risto Lahtela
bd754c4445 Prevent redirection to another website on login
Affects issues:
- Fixed #1717
2021-01-24 12:21:02 +02:00
Risto Lahtela
c44d3d7a7e Prevented a future accidental XSS vulnerability in Register endpoint error
The username parameter was passed to an exception that is currently turned into
json, but in the future the way this exception is handled could change.
2021-01-24 11:15:38 +02:00
Risto Lahtela
a6c286b0f2 Prevented a future accidental XSS vulnerability in Graph type selection
The type parameter was passed to an exception that is currently turned into
json, but in the future the way this exception is handled could change.
2021-01-24 11:15:37 +02:00
Risto Lahtela
8544e5a904 Prevented a future accidental XSS vulnerability in Player UUID parsing
The server parameter was passed to an exception that is currently turned into
json, but in the future the way this exception is handled could change.
2021-01-24 11:15:37 +02:00
Risto Lahtela
d64a967497 Prevented a future accidental XSS vulnerability in Server UUID parsing
The server parameter was passed to an exception that is currently turned into
json, but in the future the way this exception is handled could change.
2021-01-24 11:15:37 +02:00
Risto Lahtela
5c49e95c7d Fixed XSS in Internal Error page
Adding a </pre><xss> to a URL that triggered an internal error could be used
to facilitate an XSS attack
2021-01-24 11:15:37 +02:00
Risto Lahtela
d8626f37a7 Create security_vuln.md 2021-01-24 10:22:49 +02:00
Risto Lahtela
3b52cc5f0c Stop differentiating between wrong pass and user not existing 2021-01-23 21:54:27 +02:00
Risto Lahtela
5fae224ef6 Fixed ErrorContext of some errors being omitted 2021-01-23 21:53:07 +02:00
Risto Lahtela
46e486e00c Update versions.txt 2021-01-22 21:49:57 +02:00
Risto Lahtela
94abd68086 Don't register the currently running task again inside the task
Affects issues:
- Fixed #1715
2021-01-22 21:44:27 +02:00
Risto Lahtela
97096948dc Update versions.txt 2021-01-22 15:48:14 +02:00
Risto Lahtela
70b9ac1104 Set FullCalendar to use UTC as timezone
Affects issues:
- Possibly fixed #1239
2021-01-22 11:32:10 +02:00
Risto Lahtela
97bc28e2b4 Updated ProtocolSupport Extension
Ignored Access to implementation before detect Exception

Affects issues:
- Fixed #1665
2021-01-22 11:14:30 +02:00
Risto Lahtela
8423e392bb Don't close DataSource with bad connection
- Attempt to recursively obtain a valid connection.
  This could lead to StackOverFlowException if db goes
  down, so that is caught.

Affects issues:
- Possibly fixed #1458
2021-01-22 11:06:12 +02:00
dependabot-preview[bot]
3335765fa2 Bump dagger from 2.31.1 to 2.31.2 in /Plan
Bumps [dagger](https://github.com/google/dagger) from 2.31.1 to 2.31.2.
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.31.1...dagger-2.31.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-22 05:36:31 +00:00
dependabot-preview[bot]
4d9ad6a8c9 Bump RedisBungee from 0.3.8-SNAPSHOT to 0.6-SNAPSHOT in /Plan
Bumps RedisBungee from 0.3.8-SNAPSHOT to 0.6-SNAPSHOT.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-22 05:29:27 +00:00
dependabot-preview[bot]
2630aa3e08 Bump dagger-compiler from 2.31.1 to 2.31.2 in /Plan
Bumps [dagger-compiler](https://github.com/google/dagger) from 2.31.1 to 2.31.2.
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.31.1...dagger-2.31.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-22 05:28:11 +00:00
dependabot-preview[bot]
2898378016 Bump mockito-junit-jupiter from 3.7.0 to 3.7.7 in /Plan
Bumps [mockito-junit-jupiter](https://github.com/mockito/mockito) from 3.7.0 to 3.7.7.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v3.7.0...v3.7.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-22 05:27:14 +00:00
Risto Lahtela
2b737c9973 Fixed offset for graphs with minutes in timezones
Timezone offset is now a double.

This fix seems very simple, and it kinda is.

HighCharts represents offset in minutes.
Java gives offset in milliseconds, and that was
incorrectly assumed to be full hours, so the offset
was rounded to an integer. Using a double will allow
all kinds of offsets that still work with highcharts.

Fixes timezones like
- Nepal (GMT+05:45)
- Newfoundland Time (GMT-03:30)

Affects issues:
- Fixed #1652
2021-01-20 18:12:56 +02:00
Risto Lahtela
6758a56167 Fixed build errors 2021-01-20 17:59:45 +02:00
Risto Lahtela
edddccf329 Updated AAC Extension
- Disable AAC Extension if using v5 or newer

The event that is used for data gathering in Plan
for AAC is no longer present as an API in AAC past
version 5.0.0.

Because of this there is no data available for AAC,
and the extension is disabled.

Affects issues:
- Close #1673
2021-01-20 17:37:43 +02:00
Risto Lahtela
fd729360c7 Ignored all UnsupportedOperationExceptions from Extensions
Affects issues:
- Fixed #1667
2021-01-20 17:22:56 +02:00
Risto Lahtela
d5a6ccc7a3 Updated Nucleus Extension
- Removed warnings
- Update server data more frequently

Affects issues:
- #1688
2021-01-20 17:16:42 +02:00
Risto Lahtela
25d528e2f1 Updated mcMMO Extension
- Ignores IndexOutOfBoundsException

Affects issues:
- Fixed #1662
2021-01-20 17:05:40 +02:00
Risto Lahtela
15c9325eb4 Added activity index queries and placeholders.
- Added CommonQueries#fetchActivityIndexOf
- Added CommonQueries#getActivityGroupForIndex

- Added %plan_player_activity_index%
- Added %plan_player_activity_group%

Affects issues:
- Close #1663
2021-01-20 16:58:46 +02:00
dependabot-preview[bot]
e220e40a8c Bump paper-api from 1.13.2-R0.1-SNAPSHOT to 1.16.5-R0.1-SNAPSHOT in /Plan (#1697)
* Bump paper-api in /Plan

Bumps paper-api from 1.13.2-R0.1-SNAPSHOT to 1.16.5-R0.1-SNAPSHOT.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Removed a method call that is no longer used

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Risto Lahtela <24460436+Rsl1122@users.noreply.github.com>
2021-01-20 16:49:18 +02:00
dependabot-preview[bot]
63bc4a667a Bump bstatsVersion from 1.4 to 1.8 in /Plan (#1706)
* Bump bstatsVersion from 1.4 to 1.8 in /Plan

Bumps `bstatsVersion` from 1.4 to 1.8.

Updates `bstats-bukkit` from 1.4 to 1.8
- [Release notes](https://github.com/Bastian/bStats-Metrics/releases)
- [Commits](https://github.com/Bastian/bStats-Metrics/commits)

Updates `bstats-sponge` from 1.4 to 1.8
- [Release notes](https://github.com/Bastian/bStats-Metrics/releases)
- [Commits](https://github.com/Bastian/bStats-Metrics/commits)

Updates `bstats-bungeecord` from 1.4 to 1.8
- [Release notes](https://github.com/Bastian/bStats-Metrics/releases)
- [Commits](https://github.com/Bastian/bStats-Metrics/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Update bStats construction

Affects issues:
- Possibly fixed #1680

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Risto Lahtela <24460436+Rsl1122@users.noreply.github.com>
2021-01-20 16:43:37 +02:00
Risto Lahtela
c878e71179 Revert 6db7623037 2021-01-20 10:00:07 +02:00
dependabot-preview[bot]
01a8f5e1d3 Bump dagger from 2.31 to 2.31.1 in /Plan
Bumps [dagger](https://github.com/google/dagger) from 2.31 to 2.31.1.
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.31...dagger-2.31.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-20 06:17:02 +00:00
dependabot-preview[bot]
6db7623037 Bump RedisBungee from 0.3.8-SNAPSHOT to 0.6-SNAPSHOT in /Plan
Bumps RedisBungee from 0.3.8-SNAPSHOT to 0.6-SNAPSHOT.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-20 06:08:39 +00:00
dependabot-preview[bot]
414e82395c Bump Extension-FactionsUUID in /Plan
Bumps Extension-FactionsUUID from 1.6.9.5-U0.5.16-R0.1 to 1.6.9.5-U0.5.16-R0.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-20 06:08:00 +00:00
dependabot-preview[bot]
cc9ee830bb Bump dagger-compiler from 2.31 to 2.31.1 in /Plan
Bumps [dagger-compiler](https://github.com/google/dagger) from 2.31 to 2.31.1.
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.31...dagger-2.31.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-20 05:59:32 +00:00
dependabot-preview[bot]
113c9ccb4b Bump placeholderapi from 2.9.2 to 2.10.9 in /Plan
Bumps placeholderapi from 2.9.2 to 2.10.9.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-20 05:58:16 +00:00
Risto Lahtela
1f4fdd8830 Added extension data support to /players page
Affects issues:
- #1222
2021-01-19 18:18:26 +02:00
dependabot-preview[bot]
e64967f3c7 Bump mockito-core from 3.6.28 to 3.7.7 in /Plan
Bumps [mockito-core](https://github.com/mockito/mockito) from 3.6.28 to 3.7.7.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v3.6.28...v3.7.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-18 05:48:02 +00:00
dependabot-preview[bot]
c81019ec69 Bump mysql-connector-java from 8.0.22 to 8.0.23 in /Plan
Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.22 to 8.0.23.
- [Release notes](https://github.com/mysql/mysql-connector-j/releases)
- [Changelog](https://github.com/mysql/mysql-connector-j/blob/release/8.0/CHANGES)
- [Commits](https://github.com/mysql/mysql-connector-j/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-18 05:46:22 +00:00
dependabot-preview[bot]
f19c5fe5ad Bump org.sonarqube from 3.0 to 3.1 in /Plan
Bumps org.sonarqube from 3.0 to 3.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-16 17:36:48 +00:00
dependabot-preview[bot]
e35403a4ce Bump dagger from 2.30.1 to 2.31 in /Plan
Bumps [dagger](https://github.com/google/dagger) from 2.30.1 to 2.31.
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.30.1...dagger-2.31)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-15 05:35:21 +00:00
dependabot-preview[bot]
d3bf6ebdbf Bump dagger-compiler from 2.30.1 to 2.31 in /Plan
Bumps [dagger-compiler](https://github.com/google/dagger) from 2.30.1 to 2.31.
- [Release notes](https://github.com/google/dagger/releases)
- [Changelog](https://github.com/google/dagger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/dagger/compare/dagger-2.30.1...dagger-2.31)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-15 05:27:15 +00:00
dependabot-preview[bot]
6249d53888 Bump bungeecord-api from 1.16-R0.3 to 1.16-R0.4 in /Plan
Bumps [bungeecord-api](https://github.com/SpigotMC/BungeeCord) from 1.16-R0.3 to 1.16-R0.4.
- [Release notes](https://github.com/SpigotMC/BungeeCord/releases)
- [Commits](https://github.com/SpigotMC/BungeeCord/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-01-15 05:27:06 +00:00
Alexander Trost
1224eea893 contributors: fix the contributors list commas (#1685)
Signed-off-by: Alexander Trost <galexrt@googlemail.com>
2021-01-06 17:01:42 +02:00