1.6.0 - OPShield - Скачать версию плагина

[1.6.0] — 2026-04-21

AuditLogger switched from FileWriter to NIO Files.write() — FileWriter used the JVM platform default charset, which could produce garbled or truncated log entries on servers whose OS locale is not UTF-8. All writes now use java.nio.file.Files.write() with an explicit StandardCharsets.UTF_8 argument and StandardOpenOption.APPEND.
ensureFile() is no longer called on every flush tick — the previous implementation re-checked (and conditionally re-created) the log file and its parent directory on every async flush, even when neither had changed. An AtomicBoolean fileReady flag now gates the check so it runs at most once per file lifetime. The flag is cleared after rotation so the next write correctly re-creates the log file.
Failed audit writes now re-queue entries instead of silently discarding them — if a flush attempt throws IOException, the affected lines are returned to the front of the queue and retried up to MAX_WRITE_RETRIES (2) times. On final failure a SEVERE console error is printed and the lines are re-queued so they are not permanently lost.

Legacy SHA-256 password hash triggers a console warning on startup — if op_password_hash in config.yml contains an old SHA-256 value (generated by OPShield < 1.4.0), the server console now displays a clear warning advising the admin to reset the password so it is upgraded to PBKDF2 storage. The plugin continues to accept the legacy hash for authentication; no data is lost.

Magic string "unknown" for unresolvable player IPs replaced with named constant UNKNOWN_IP — eliminates the class of silent typo bugs where inconsistent string literals caused an IP to be handled as a real address in some code paths but skipped correctly in others.
Grammar correction in English shadow-ban fake messages — shadow_fake_clear incorrectly read "Cleared the inventory of 1 players". Corrected to "Cleared the inventory of 1 player". Related entity messages (shadow_fake_kill, shadow_fake_tp) also updated to use the singular form "entity" for consistency.
folia-supported: false added to plugin.yml — OPShield uses the Bukkit task scheduler and is not compatible with Folia. The flag prevents Folia auto-detection from incorrectly classifying the plugin as Folia-safe and loading it on an incompatible runtime.
auto_punish_firewall_fail message key added to all language files — previously the firewall punishment path had no dedicated message for the case where the script is skipped (unsafe exec disabled, blank script, or unknown IP). All three language files (en.yml, vn.yml, ru.yml) now include the key.

PBKDF2 iteration count is now configurable via security.password.pbkdf2_iterations (default 120000, range 10000–1000000). Increasing the value raises brute-force resistance at the cost of slightly slower verification on each /op or /deop attempt. Existing stored hashes are unaffected — they carry their own iteration count.
firewall_script config entry now includes OS-specific examples — the config comment now shows both a Linux iptables example and a Windows netsh example so admins know the expected format without having to consult external documentation.

Key	Default	Description
`security.password.pbkdf2_iterations`	`120000`	PBKDF2 iteration count for new password hashes (10 000–1 000 000)

Key	Description
`auto_punish_firewall_fail`	Shown when firewall punishment is skipped and player is kicked instead