Jump Academy
We are a growing community of 44,940 jumpers from all around the world who share the same passion for rocket jumping in Team Fortress 2.
Join our Steam group today!
We are a growing community of 44,940 jumpers from all around the world who share the same passion for rocket jumping in Team Fortress 2.
Join our Steam group today!
Hey everyone. As a result of some internal discussions, we have decided to restrict the usage of VScript on JA. Going forward there will be a general ban on VScript on all JA servers.
VScript is a powerful tool, and in some cases too powerful. There are several contributing factors to this decision but the primary points of issue are security and maintainability. Since JA's founding, the main assumption about mapping is that maps are generally safe from the point of view of the server operators. VScript introduces a structural shift in what mappers are capable of.
As it stands we just don't have the manpower to review every single map that we add to JA for potential issues with their scripts. Going forward we would like to encourage all mappers to try more conventional systems for map logic first.
Q: My map uses VScript. What does this mean for me?
A: Your map is still allowed on JA and we won't require a separate version, just be aware that any scripts included will not run on JA servers.
Q: Why is this necessary?
A: VScript is extremely powerful with similar capabilities as sourcemod plugins. At JA, our developers have always reviewed any plugins or extensions we upload to our servers for security, performance, stability, and maintainability concerns. The VScript update introduced a totally new vector for code to be added to our servers that we weren't prepared for. We think this is the best way to ensure we are able to maintain oversight on external code on JA.
Q: My VScript code is critical to the functionality of my map. Does this mean my map can't be on Jump Academy?
A: Talk to our developers (AI or Squid) about your map so we can review your code and come to a decision. We will be handling whitelisted maps on a case by case basis.
Notepad++ v8.8.9 release: Vulnerability-fix
Some security experts recently reported incidents of traffic hijacking affecting Notepad++. According to the investigation, traffic from WinGUp (the Notepad++ updater) was occasionally redirected to malicious servers, resulting in the download of compromised executables.
The review of the reports led to identification of a weakness in the way the updater validates the integrity and authenticity of the downloaded update file. In case an attacker is able to intercept the network traffic between the updater client and the Notepad++ update infrastructure, this weakness can be leveraged by an attacker to prompt the updater to download and executed an unwanted binary (instead of the legitimate Notepad++ update binary). To mitigate this weakness and address the hijacking’s concerns raised by the security researchers, a new security enhancement is being introduced in this release of Notepad++.
The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users.
The compromise became known when multiple users reported that Play Protect, Android's built-in antivirus module, blocked SmartTube on their devices and warned them of a risk.
The developer of SmartTube, Yuriy Yuliskov, admitted that his digital keys were compromised late last week, leading to the injection of malware into the app.
Yuliskov revoked the old signature and said he would soon publish a new version with a separate app ID, urging users to move to that one instead.
[...]