2021.9.20.1334 - World/Session thumbnail overrides, security improvements, fixes
Hello everyone! Sorry for lack of builds for past few days, been busy with more of the educational projects and some planning for other upcoming things, but here's a bunch more goodies.
Notably, there's now a mechanism to customize world thumbnails! You can either overide location where it's captured or provide a custom image. You can customize capture locations of session thumbnails too in the world.
Importantly there are also some security improvements. Particularly for the initial handshake that verifies identity of the users, to prevent cases of man-in-the-middle attacks impersonating another user, based on an excellent security report based on our new security policy (please check them here: https://github.com/Neos-Metaverse/NeosPublic/blob/master/.github/SECURITY.md).
We updated Assimp to the latest version as well, which sould bring a number of improvements for importing models. A number of bugs were fixes as well, notably haptic feedback not working from newly joined users in the session until they re-equip their avatar.
[h2]New Features:[/h2]
- Added WorldCaptureThumbailSource and SessionCaptureThumbnailSource which allow overriding the thumbnail capture locations when saving world and then generating session thumbnails (prevously requested by @Alex rainbowdashie and @epicEaston197, GH #1419)
-- If you have multiple a random active source is picked
-- For sessions, the sources are weighted by proximity of the users - ones with more users nearby will be preferred
-- You can add optional overlay texture that will be alpha-blended on top of the thumbnail
-- For saved world capture, you can optionally include users in the thumbnail by unchecking "ExcludeUsersInCapture"
- Added WorldTextureThumbnailSource which allows providing a custom thumbnail for saved worlds
Security:
- Reworked part of authentication mechanism when joining a session to prevent chances of man-in-the-middle attacks to impersonate another user (reported by @runtime, Moderation Ticket #687383)
- Disabled automatic Python script execution when importing .blend files to prevent potential security risk (reported by dmx, Moderation Ticket #537424, fixed by @Geenz | Graphics Programmer)
-- Please be careful when opening .blend files from unknown sources and take some caution when importing files from untrusted sources in general
[h2]Tweaks:[/h2]
- Upgraded Assimp to the latest version from upstream
-- This includes 152 commits with a number of bugfixes and improvements. You can see details here: https://github.com/Neos-Metaverse/assimp/pull/9
-- This might fix some files in some cases failing to import (reported by @Shadow Panther [RU/EN, UTC+3] and @DemonZLa GH #3036)
- Pressing the "X" button on the host access request dialog now fires "Ignored" impulse (requested by @kazu0617 Neos:kazu, GH #2881, implemented by @ProbablePrime | Docs)
- Avatar feet will now ignore lower body colliders on other avatar's feet if they're roughly vertically aligned with each other and similar sizes
-- This should fix avatar's feet moving up when two players are close to each other, without affecting the feet reacting to other player's hands or heads (based on reports by @AshtonSparx, @Shifty | Quality Control Lead, @Turk, @Snooper, @Sox and others, GH #2670, GH #676)
- TextureThumbanilSource is now ItemTextureThumbnailSource
- Added "Reset objects that are too far away" to ScaleObjectManager
-- This brings objects that have been moved too far away from the center closer
- Merged Korean locale additions by @MirPASEC
- Merged Japanese locale additions by @Aesc/あすく
- Merged Czech locale additions and fixes by @rampa_3 (UTC +1, DST UTC +2)
- Merged Russian locale additions by @Shadow Panther [RU/EN, UTC+3]
- Merged Finnish locale additions by @Toni Kat
- Merged English locale fixes by @Toni Kat
[h2]Optimizations:[/h2]
- Optimized conversions between UV and pixel coordinates for Bitmap2D
[h2]Bugfixes:[/h2]
- Fixed Neos trying to start playback on audio device that failed to initialize, resulting in a crash (based on report by @I'm Erin., @ProbablePrime | Docs, GH #2120)
-- The device should reinitialize now on the next attempt
- Baking meshes will no longer remove SimpleAwayIndicator if the bake is configured to not destroy the original (reported by @orange, GH #3038)
- ValueTextFormatDriver will no longer update if the Source and Target are the same (based on report by @Epsilion, @Psychpsyo, @Ukilop, GH #3037)
- Put a upper limit on how long a string formatted by ValueTextFormatDriver can get to avoid unbounded exponential growth (currently 262144, can be changed if needed, will later be more flexible/configurable with hard permissions)
- Fixed locomotion modules removed at certain points in the update loop resulting in LocomotionController breaking
-- This fixes locomotion module as well as context menus and other itneractions breaking when modules are installed from OnDone output of a Tween nodes (reported by @Zyzyl, @Jezithyr, @Wolfyx The Hybrid, GH #3035)
-- This also fixes similar issue with other setups (e.g. sample provided by @Espa)
- Fixed avatars of newly joined users in the session not triggering haptic feedback (reported by @infotron and @Shifty | Quality Control Lead, GH #3034)

Notably, there's now a mechanism to customize world thumbnails! You can either overide location where it's captured or provide a custom image. You can customize capture locations of session thumbnails too in the world.
Importantly there are also some security improvements. Particularly for the initial handshake that verifies identity of the users, to prevent cases of man-in-the-middle attacks impersonating another user, based on an excellent security report based on our new security policy (please check them here: https://github.com/Neos-Metaverse/NeosPublic/blob/master/.github/SECURITY.md).
We updated Assimp to the latest version as well, which sould bring a number of improvements for importing models. A number of bugs were fixes as well, notably haptic feedback not working from newly joined users in the session until they re-equip their avatar.
[h2]New Features:[/h2]
- Added WorldCaptureThumbailSource and SessionCaptureThumbnailSource which allow overriding the thumbnail capture locations when saving world and then generating session thumbnails (prevously requested by @Alex rainbowdashie and @epicEaston197, GH #1419)
-- If you have multiple a random active source is picked
-- For sessions, the sources are weighted by proximity of the users - ones with more users nearby will be preferred
-- You can add optional overlay texture that will be alpha-blended on top of the thumbnail
-- For saved world capture, you can optionally include users in the thumbnail by unchecking "ExcludeUsersInCapture"
- Added WorldTextureThumbnailSource which allows providing a custom thumbnail for saved worlds
Security:
- Reworked part of authentication mechanism when joining a session to prevent chances of man-in-the-middle attacks to impersonate another user (reported by @runtime, Moderation Ticket #687383)
- Disabled automatic Python script execution when importing .blend files to prevent potential security risk (reported by dmx, Moderation Ticket #537424, fixed by @Geenz | Graphics Programmer)
-- Please be careful when opening .blend files from unknown sources and take some caution when importing files from untrusted sources in general
[h2]Tweaks:[/h2]
- Upgraded Assimp to the latest version from upstream
-- This includes 152 commits with a number of bugfixes and improvements. You can see details here: https://github.com/Neos-Metaverse/assimp/pull/9
-- This might fix some files in some cases failing to import (reported by @Shadow Panther [RU/EN, UTC+3] and @DemonZLa GH #3036)
- Pressing the "X" button on the host access request dialog now fires "Ignored" impulse (requested by @kazu0617 Neos:kazu, GH #2881, implemented by @ProbablePrime | Docs)
- Avatar feet will now ignore lower body colliders on other avatar's feet if they're roughly vertically aligned with each other and similar sizes
-- This should fix avatar's feet moving up when two players are close to each other, without affecting the feet reacting to other player's hands or heads (based on reports by @AshtonSparx, @Shifty | Quality Control Lead, @Turk, @Snooper, @Sox and others, GH #2670, GH #676)
- TextureThumbanilSource is now ItemTextureThumbnailSource
- Added "Reset objects that are too far away" to ScaleObjectManager
-- This brings objects that have been moved too far away from the center closer
- Merged Korean locale additions by @MirPASEC
- Merged Japanese locale additions by @Aesc/あすく
- Merged Czech locale additions and fixes by @rampa_3 (UTC +1, DST UTC +2)
- Merged Russian locale additions by @Shadow Panther [RU/EN, UTC+3]
- Merged Finnish locale additions by @Toni Kat
- Merged English locale fixes by @Toni Kat
[h2]Optimizations:[/h2]
- Optimized conversions between UV and pixel coordinates for Bitmap2D
[h2]Bugfixes:[/h2]
- Fixed Neos trying to start playback on audio device that failed to initialize, resulting in a crash (based on report by @I'm Erin., @ProbablePrime | Docs, GH #2120)
-- The device should reinitialize now on the next attempt
- Baking meshes will no longer remove SimpleAwayIndicator if the bake is configured to not destroy the original (reported by @orange, GH #3038)
- ValueTextFormatDriver will no longer update if the Source and Target are the same (based on report by @Epsilion, @Psychpsyo, @Ukilop, GH #3037)
- Put a upper limit on how long a string formatted by ValueTextFormatDriver can get to avoid unbounded exponential growth (currently 262144, can be changed if needed, will later be more flexible/configurable with hard permissions)
- Fixed locomotion modules removed at certain points in the update loop resulting in LocomotionController breaking
-- This fixes locomotion module as well as context menus and other itneractions breaking when modules are installed from OnDone output of a Tween nodes (reported by @Zyzyl, @Jezithyr, @Wolfyx The Hybrid, GH #3035)
-- This also fixes similar issue with other setups (e.g. sample provided by @Espa)
- Fixed avatars of newly joined users in the session not triggering haptic feedback (reported by @infotron and @Shifty | Quality Control Lead, GH #3034)


