▶️ ЗАБЕРИ СВОИ 8 ПОДАРКОВ 🎁 ПРИ СОЗДАНИИ СВОЕГО МАЙНКРАФТ СЕРВЕРА
Плагины/⚡ ServerBooster
⚡ ServerBooster

⚡ ServerBooster

Optimize your Minecraft server for peak performance with ServerBooster

Оцените первым
1.8K
4
Все версииServerBooster v26.1.1

ServerBooster v26.1.1

Release28.06.2026

Список изменений

This patch delivers a major overhaul to the Web Monitor module, critical security hardening across the entire web stack, and targeted performance fixes identified through a full codebase audit.

Note: The Web Monitor Dashboard is currently in EXPERIMENTAL phase. It is disabled by default and must be manually enabled in web.yml. Features, endpoints, and configuration options may change in future releases without prior notice. FIX JAR (WEB)


Web Dashboard — Complete Rewrite (EXPERIMENTAL)

  • Two-tier data collection system: Fast metrics (TPS, MSPT, memory, players) update every 2 seconds. Heavy data (entity breakdown, chunk hotspots) updates every 10 seconds. This eliminates main thread impact when the dashboard is in use.
  • Client-awareness gate: Data collection is completely skipped when no one is viewing the dashboard. Zero overhead when unused.
  • Removed block scanning: The previous triple-nested loop that scanned blocks for pistons every cycle has been replaced with tile entity scanning only — dramatically reducing per-cycle cost.
  • Chunk scan cap: Hotspot analysis now processes only the top 200 chunks by tile entity count instead of scanning all loaded chunks.
  • Module Statistics panel: The dashboard now displays real-time stats from active modules — frozen entities (EntityOptimizer), lobotomized villagers (VillagerOptimizer), items moved and registered hoppers (HopperOptimizer), chunks unloaded (ChunkOptimizer), and throttled redstone chunks (RedstoneTickLimiter).
  • MSPT History chart: A new chart displays MSPT (milliseconds per tick) history alongside the existing TPS chart, with a 50ms danger line indicator.
  • Alert system: Visual banners appear when TPS drops below 15 (warning) or below 10 (critical), and when memory usage exceeds 85% (warning) or 95% (critical).
  • Action log: A new section shows recent optimization actions performed by the plugin in real-time.
  • Copy coordinates: Click any coordinate in the players table or hotspots table to copy a /tp command directly to your clipboard.
  • Search filters: Filter players by name or world, and filter entities by type using the new search inputs.
  • Last update indicator: The header now shows "Live" or "Updated Xs ago" so you always know data freshness.
  • Header color feedback: The header border subtly changes color based on server health — green (healthy), yellow (moderate), red (critical).
  • Favicon: Both the login page and dashboard now display a branded "S" favicon.

Security Hardening

  • PBKDF2 password hashing: Upgraded from SHA-256 (single-pass) to PBKDF2-HMAC-SHA256 with 600,000 iterations. Passwords are automatically re-hashed on first startup. The plain-text password is removed from web.yml and replaced with the hash.
  • Zero hardcode policy enforced: All configuration values (port, host, username, password, session timeout, login attempts, lockout duration, update interval, TPS history size) are read exclusively from web.yml. Missing or invalid values disable the web module with a warning — no fallback defaults in code.
  • Timing-safe username comparison: Username verification now uses MessageDigest.isEqual() for constant-time comparison, preventing timing attacks.
  • CORS enforcement: The allowed-origins configuration is now actively enforced against the Origin header. Previously loaded but never applied.
  • CSP tightened: Removed 'unsafe-inline' from Content-Security-Policy. Removed broad ws: wss: from connect-src. Added frame-ancestors 'none'. Login page CSS and JS moved to external files to comply.
  • Removed deprecated X-XSS-Protection header: This header has been deprecated since Chrome 78 and can cause issues in modern browsers.
  • WebSocket connection cap: Maximum 10 simultaneous WebSocket connections. Excess connections are rejected with code 4008.
  • WebSocket session re-validation: Active WebSocket connections now re-validate their session token on every broadcast cycle. Expired sessions are automatically disconnected.
  • Session cleanup scheduled: Expired sessions and lockout entries are now automatically cleaned every 60 seconds.
  • Version information reduced: The dashboard now displays only the Minecraft version (e.g., "1.21.1") instead of the full server string that previously exposed the server software, fork name, and build number.
  • Protected /api/status: This endpoint now requires authentication. Previously accessible without login.
  • Unauthenticated /health endpoint: A new /health endpoint returns only {"status":"ok"} for external monitoring tools (UptimeRobot, Pterodactyl health probes) without exposing any server details.
  • No-cache headers: All responses include Cache-Control: no-store and Pragma: no-cache to prevent browser caching of sensitive dashboard data.
  • Safe resource loading: Internal path exposure removed — missing resources return an empty string instead of "Resource not found: path/to/file".
  • Silenced Javalin/SLF4J stderr output: Javalin startup logs and SLF4J warnings no longer pollute the server console.
  • Default host changed to 127.0.0.1: New installations bind to localhost only instead of all interfaces, preventing accidental public exposure.

Performance Fixes

  • EntityOptimizer cleanup: O(1) instead of O(n*m): The frozen entity cleanup task previously scanned world.livingEntities for every cached entity ID. Now

  • EntityOptimizer cleanup: O(1) instead of O(n*m): The frozen entity cleanup task previously scanned world.livingEntities for every cached entity ID. Now uses UUID-based Bukkit.getEntity() lookups — constant time per entity instead of linear scan.

  • Dead code removed: Deleted optimizeWorld() (~60 lines) and restoreNearbyEntities() (~30 lines) — both superseded by their batched counterparts but still present in the codebase.

  • forceOptimize() no longer stalls main thread: Previously called the unbatched optimizeWorld() method. Now uses inline iteration with try-catch per entity.

  • Shared suspendOnMainThread utility: Extracted the duplicated runOnMainThread suspend function from EntityOptimizer and VillagerOptimizer into a shared SchedulerUtil.suspendOnMainThread() method.

  • Shutdown deadlock fixed: Replaced runBlocking { scope.cancelAndJoin() } in onDisable() with non-blocking scope.cancel(). The previous implementation could deadlock if any coroutine was awaiting the main thread via suspendOnMainThread.

  • Redundant shutdown scan removed: nmsManager.restoreAllEntities() was called in onDisable() after entityOptimizer.shutdown() — which already restores all entities. The duplicate full-world scan has been removed.

  • WebSocket broadcast optimized: gson.toJson() is now called once per broadcast cycle instead of once per connected client.


Configuration Changes

web.yml — The following defaults have changed:

  • host default changed from "0.0.0.0" to "127.0.0.1"
  • auth.password is now automatically hashed on first startup (prefixed with HASHED:)
  • All fields are now required — missing fields disable the web module

Compatibility

  • Supports Paper, Spigot, and Purpur from 1.17 to 26.1
  • Folia detection present (EntityOptimizer auto-disables on Folia)
  • Java 17+ required

Файлы

ServerBooster-26.1.1.jar(6.26 MiB)
Основной
Скачать

Метаданные

Канал релиза

Release

Номер версии

26.1.1

Загрузчики

Folia
Paper
Purpur
Spigot

Версии игры

1.17–26.1.2

Загрузок

72

Дата публикации

28.06.2026

Загрузил

ID версии

Главная