Unrelated PSA - the BungeeGuard builds available from bungeeguard<dot>com are NOT official releases and most probably contain malware.

Update Information

• An issue introduced in BungeeCord build 1756 caused the BungeeGuard token to be leaked to players using Minecraft 1.20.2 or higher via the LoginSuccess packet.
• This issue only affects BungeeGuard setups using BungeeCord, it does not affect Velocity proxies.
• Affected users are recommended to update to BungeeGuard v1.4.0 or later on their proxy, and rotate their BungeeGuard tokens.

More details can be found here: https://github.com/lucko/BungeeGuard/blob/master/SECURITY.md

• BungeeGuard will now run some checks to validate the configuration before the plugin enables, and before players can connect.

Please ensure:

• settings.bungeecord is set to true in spigot.yml
• allowed-tokens in plugins/BungeeGuard/config.yml contains only your allowed BungeeGuard tokens and nothing else.

Cheers,
~lucko

• Updated to support BungeeCord 1.19.

⚠️ Note: If you want to use BungeeGuard on a pre-1.19 version of BungeeCord, you will need to download and use BungeeGuard v1.2.2

This update fixes a vulnerability in the way BungeeGuard operates. It is important that you update.

The fix only applies to the backend (Spigot plugin) part of BungeeGuard.

More details can be found here: https://github.com/lucko/BungeeGuard/blob/master/SECURITY.md#001---7th-june-2020