2020.6.8.518 - Permission system security improvements, many bugfixes, Quest APK
Some important security improvements and bunch of various bugfixes! Most work now goes towards the Radiant UI, you can actually find the functional pieces of Facets and Containers that were shown in #devlog and play with them, but don't use them for anything serious yet, the system is heavily incomplete!
Android builds were updated to the latest build as well! Update on usual channels. (based on feedback by @Starkido)
[h2]New Features:[/h2]
- New Icons by Stubblöv#1507
-- New Deposit / Withdraw NCR icons
-- New icons for the world orb context menu
-- New leave world icon
[h2]New Work-in-progress Features:[/h2] (do not use for serious projects yet!)
- Implemented Facet component, that allows specifying Facet dimensions, aspect ratios and so on (a quick blank Facet can be created with the "Create New" option now)
- Implemented Facet container & interaction system
- Implemented Grid Container for Facets
[h2]Tweaks:[/h2]
- "Busy" online mode will now make all sessions start as private by default, the way invisible mode does (based on feedback from @PeterTheThinker)
[h2]Security:[/h2]
- Added low-level validations to role changes to fix security exploits where users could assign invalid roles to themselves, the host or other users (based on reports from @Lewi-bean | Audio Designer, @Rue Shejn | Artist 3D and @Shifty | Quality Control Lead)
-- If you want to mess with the system, I strongly recommend doing it in a controlled setting with permission of the host (or hosting yourself). If you trip the system, it will temporarily ban you from the host (until they restart), so you can lock yourself out of public sessions
- The permission components can now only be changed by the host, regardless of all permissions, preventing any other users from modifying their own permissions (this will be extended in the future with the hard permission system to allow more granularity) (based on various reports and feedback (sorry I forgot who all talked about this! ;_;))
- Internal moderation tool improvements to help resolving asset ownership disputes
[h2]Bugfixes:[/h2]
- Added extra diagnostic information to youtube-dl integration (based on problem by @Ardes)
- Fixed Video Player not switching back to mono display after it has been switched to stereo (reproted by @Danyy59, @Enverex and @H3BO3)
- Added filtering to the world-space laser offset/direction/distance values, to prevent the world from corrupting the userspace laser, breaking interactions (reported by @Shifty | Quality Control Lead on behalf of @Aegis_Wolf | Artist 3D/2D)
- Fixed being able to assign a role higher than the "Admin" default role to users on worlds hosted by the headless (reported by @ProbablePrime)
- Removed default System assemblies for type processing during Neos initialization, speeding up the startup a bit and fixing some errors in the headless startup process (like one reported by @Oblivionburn )
- Fixed headless kick, ban, respawn and role commands being able to be applied on the headless host itself
- Fixed headless not being able to load the CSCore and its depenencies when running with .NET Framework, causing audio clips to not load on the headless and print out errors when attempting to do so
- Fixed the user being respawned due to invalid raycast values in the interaction laser (e.g. ones caused by scaling the avatar's arm to 0, reported by @Shifty | Quality Control Lead on behalf of @GearBell)
Android builds were updated to the latest build as well! Update on usual channels. (based on feedback by @Starkido)
[h2]New Features:[/h2]
- New Icons by Stubblöv#1507
-- New Deposit / Withdraw NCR icons
-- New icons for the world orb context menu
-- New leave world icon
[h2]New Work-in-progress Features:[/h2] (do not use for serious projects yet!)
- Implemented Facet component, that allows specifying Facet dimensions, aspect ratios and so on (a quick blank Facet can be created with the "Create New" option now)
- Implemented Facet container & interaction system
- Implemented Grid Container for Facets
[h2]Tweaks:[/h2]
- "Busy" online mode will now make all sessions start as private by default, the way invisible mode does (based on feedback from @PeterTheThinker)
[h2]Security:[/h2]
- Added low-level validations to role changes to fix security exploits where users could assign invalid roles to themselves, the host or other users (based on reports from @Lewi-bean | Audio Designer, @Rue Shejn | Artist 3D and @Shifty | Quality Control Lead)
-- If you want to mess with the system, I strongly recommend doing it in a controlled setting with permission of the host (or hosting yourself). If you trip the system, it will temporarily ban you from the host (until they restart), so you can lock yourself out of public sessions
- The permission components can now only be changed by the host, regardless of all permissions, preventing any other users from modifying their own permissions (this will be extended in the future with the hard permission system to allow more granularity) (based on various reports and feedback (sorry I forgot who all talked about this! ;_;))
- Internal moderation tool improvements to help resolving asset ownership disputes
[h2]Bugfixes:[/h2]
- Added extra diagnostic information to youtube-dl integration (based on problem by @Ardes)
- Fixed Video Player not switching back to mono display after it has been switched to stereo (reproted by @Danyy59, @Enverex and @H3BO3)
- Added filtering to the world-space laser offset/direction/distance values, to prevent the world from corrupting the userspace laser, breaking interactions (reported by @Shifty | Quality Control Lead on behalf of @Aegis_Wolf | Artist 3D/2D)
- Fixed being able to assign a role higher than the "Admin" default role to users on worlds hosted by the headless (reported by @ProbablePrime)
- Removed default System assemblies for type processing during Neos initialization, speeding up the startup a bit and fixing some errors in the headless startup process (like one reported by @Oblivionburn )
- Fixed headless kick, ban, respawn and role commands being able to be applied on the headless host itself
- Fixed headless not being able to load the CSCore and its depenencies when running with .NET Framework, causing audio clips to not load on the headless and print out errors when attempting to do so
- Fixed the user being respawned due to invalid raycast values in the interaction laser (e.g. ones caused by scaling the avatar's arm to 0, reported by @Shifty | Quality Control Lead on behalf of @GearBell)