Stability and Security Update – March 16, 2020

This update contains a number of security and stability fixes for the game server.

  • Mark some convars and commands as FCVAR_CHEAT, by AutoGavy. Some of the cvars allowed unfair advantage to clients and could allow clients to intentionally crash server.
  • Disallow asw_vote_chooser 1 on server. Could be used to crash server. Reported by AutoGavy.
  • Disallow voting for ‘lobby’ map. Could be abused by clients to force players disconnect from server. Reported by AutoGavy.
  • Fix VScript exploits for reading/writing files. Disallowed StringToFile() and FileToString() to access files outside save/vscripts folder. Reported by 南方.