Adamant and Rune Dragons

June 15th, 2015

New dragons, fresh from RuneLabs | More bank boosters | This week’s streams | Competition winners

BTS Video – Adamant & Rune Dragons

June 12th, 2015

New Dragons Preview Video | Podcast – Invention & Elite Skills | Q&A Recap

BTS Video – Adamant & Rune Dragons

June 12th, 2015

New Dragons Preview Video | Podcast – Invention & Elite Skills | Q&A Recap

BTS Video – Adamant & Rune Dragons

June 12th, 2015

New Dragons Preview Video | Podcast – Invention & Elite Skills | Q&A Recap

BTS Video – Adamant & Rune Dragons

June 12th, 2015

New Dragons Preview Video | Podcast – Invention & Elite Skills | Q&A Recap

BTS Video – Adamant & Rune Dragons

June 12th, 2015

New Dragons Preview Video | Podcast – Invention & Elite Skills | Q&A Recap

BTS Video – Adamant & Rune Dragons

June 12th, 2015

New Dragons Preview Video | Podcast – Invention & Elite Skills | Q&A Recap

About Add-on Passphrase Security

June 11th, 2015

Content creators who have published user-made add-ons to the Wesnoth add-ons server are surely aware that we currently use a very primitive authentication mechanism that works on a per-add-on basis. An uploader-defined passphrase is provided in the add-on’s .pbl file and this is matched against the add-ons server’s records.

What is not necessarily obvious is that the passphrase is stored in clear text form not only on the client’s side, but also on the server. This means that any person with access to the server configuration can see every add-on’s passphrase in a human-readable format that makes it trivial for it to be stolen. Furthermore, it is also possible for add-ons to obtain add-on passphrases from the client and transmit them over the network. Because of this, we advise content uploaders to use unique passphrases for their content and never reuse an existing password that could grant a malicious party access to their systems or other sites. Also, in order to prevent vandalism, we suggest either using hard-to-guess passphrases, or leaving the passphrase field blank or omitting it altogether when first uploading an add-on so that the add-ons client will generate and save a random one instead.

People who suspect they may be using insecure passphrases for their add-ons should send a private message to the Forum Administrators group to request changing passphrases; or use the command-line add-ons client with the following parameters if possible, substituting the text within brackets and replacing 1.12.x with 1.13.x or 1.10.x if applicable:

wesnoth_addon_manager -p 1.12.x --change-passphrase <Addon_Folder_Name> <old passphrase> <new passphrase>

– Delivered by Feed43 service

About add-on passphrase security

June 11th, 2015

People who have published user-made add-ons to the Wesnoth add-ons server are surely aware that we currently use a very primitive authentication mechanism that works on a per-add-on basis. An uploader-defined passphrase is provided in the add-on’s .pbl file and this is matched against the add-ons server’s records.

What is not necessarily obvious is that the passphrase is stored in clear text form not only on the client’s side, but also on the server. This means that any person with access to the server configuration can see every add-on’s passphrase in a human-readable format that makes it trivial for it to be stolen. Furthermore, it is also possible for add-ons to obtain add-on passphrases from the client and transmit them over the network. Because of this, we advise content uploaders to use unique passphrases for their content and never reuse an existing password that could grant a malicious party access to their systems or other sites. Also, in order to prevent vandalism, we suggest either using hard-to-guess passphrases, or leaving the passphrase field blank or omitting it altogether when first uploading an add-on so that the add-ons client will generate and save a random one instead.

People who suspect they may be using insecure passphrases for their add-ons should send a private message to the Forum Administrators group to request changing passphrases; or use the command-line add-ons client with the following parameters if possible, substituting the text within brackets and replacing 1.12.x with 1.13.x or 1.10.x if applicable:

wesnoth_addon_manager -p 1.12.x --change-passphrase <Addon_Folder_Name> <old passphrase> <new passphrase>

– Delivered by Feed43 service

Wesnoth 1.13.0: Development Release

June 11th, 2015

The first release of the new development series, Wesnoth 1.13.0, is now available. Check the forum thread for a list of the most notable changes in this version.
As on previous occasions, we also offer two versions of the changelog: a trimmed-down players changelog including only those items considered to be relevant in regular gameplay, and a more technical full changelog for enthusiasts and content creators. Be warned that both changelogs are extremely long this time around, since this is the very first development release in the series and many changes have piled up since 1.12 beta 2 (version 1.11.11) was released.
The source code and the Windows installer are already available on the downloads page. You may also find packages for other platforms there as they become available.
Bear in mind that this is a development version — as such, it is likely to include a lot of new bugs, some of which are already listed in the release notes. If you encounter other issues, make sure to report them to us so they can be fixed for future releases.
You may comment on this release in the forums.

– Delivered by Feed43 service