4.7.0 - Database Code Restructuring | Change log

This update brings some database stability changes as well as various fixes

Fixed Security Vulnerability

• Fixed a brute force vulnerability of the Plan web panel by adding a 90s delay after 5 failed login attempts from a certain address.

Improvements

• Database code restructured
  • Everything that updates rows in the database is now using Transactions. This allows automatic rollbacks of failed transactions (such as a failed patch)
  • Transactions are now performed on their own thread to remove single-server deadlock possibility.
  • Queries & Transactions wait before patches are applied (This is to prevent tons of exceptions)
  • Sponge now uses same HikariCP as other server implementations. (Should prevent some issues with connection leaks)
• Some Query memory optimizations
  • Sessions of other servers are no longer fetched to memory when doing analysis on network server
  • Sessions, WorldTimes and PlayerKills related to the sessions fetched with single query instead of 3.
  • All users no longer fetched when analysing a network server
• Sessions are now saved on server shutdown if possible. (ínstead of JVM shutdown) Special thanks to @Fuzzlemann for his research on this.

Bugfixes

• Commands and web panel now notify user if the database is not open.
• Servers no longer generate same ServerUUID when Plan is installed
• Fixed login message displaying '/'
• Fixed /server page "back" button on networks
• Fixed concurrent modification related to FileWatcher (Network config update system)
• Attempt to fix databases that fail on KillsOptimizationPatch
• Attempt to fix timeout error on network servers when viewing /server pages

As always if you are having issues with the update, please report issues on Github ( https://github.com/Rsl1122/Plan-PlayerAnalytics/issues) or join Discord for support ( https://discord.gg/yXKmjzT). Thanks