PrivateChest v2.3.1

PrivateChest - Version 2.3.1 Release Notes​

Release Date: 20/03/2026

[2.3.1] - 2026-03-20​

Added​

• Granular Command Permissions
  • New individual permission nodes for each player command:
    • privatechest.lock — Controls access to /lockchest
    • privatechest.unlock — Controls access to /unlockchest
    • privatechest.trust — Controls access to /trust
    • privatechest.untrust — Controls access to /untrust
    • privatechest.rename — Controls access to /renamecontainer
    • privatechest.sign — Controls access to [Private] sign-based locking
  • privatechest.use now acts as a parent permission that grants all of the above
  • Server admins can now deny specific commands per player or group without affecting the rest
  • Sign protection (privatechest.sign) is independent from the command (privatechest.lock), so blocking /lockchest does not block [Private] signs
• Shared Container Utility Class (ContainerUtils)
  • Centralized double chest detection, container validation, and location serialization
  • Eliminates code duplication across 6 files (listeners and commands)
  • Single source of truth for container logic — easier to maintain and less error-prone

Fixed​

• Explosion protection now covers both halves of double chests
  • Previously, if only one half of a double chest had the lock record, the other half could be destroyed by TNT/creepers
  • Both EntityExplodeEvent and BlockExplodeEvent now check all container parts
• Sign protection now uses its own permission (privatechest.sign)
  • Previously shared permission with /lockchest, meaning blocking the command also blocked [Private] signs
  • Now uses a dedicated privatechest.sign permission, independent from privatechest.lock
• Null safety in ChestLocker.serializeLocation()
  • Previously could throw NullPointerException if a world was unloaded
  • Now delegates to ContainerUtils.serializeLocation() with proper null checks
• Sign-based protection password is now cryptographically secure
  • Previously used deterministic hashCode() based on player UUID and location (predictable)
  • Now uses SecureRandom to generate unpredictable 32-character hex passwords

Improved​

• Thread Safety
  • ChestLocker: chestOwners and chestPasswords maps changed from HashMap to ConcurrentHashMap
  • TrustManager: trustRelations map changed from HashMap to ConcurrentHashMap, inner sets use ConcurrentHashMap.newKeySet()
  • Prevents ConcurrentModificationException when async cleanup runs alongside main thread operations
• Timing-safe password comparison
  • PasswordManager.verifyPassword() now uses MessageDigest.isEqual() instead of String.equals()
  • Prevents timing attacks that could leak password hash information

How Granular Permissions Work​

• By default, nothing changes for existing servers. privatechest.use still grants all commands.
• To block a specific command, negate its permission in your permissions plugin:# LuckPerms example — block only /lockchest but keep [Private] signs working
  permissions:
  - privatechest.lock: false
  
  
• The remaining commands will continue working normally.

Migration Notes​

• Fully backwards compatible — no configuration changes required
• Existing permission setups using privatechest.use will continue to work identically
• Thread safety improvements are transparent — no action needed

Compatibility​

• Minecraft 1.16.x – 1.21.11
• Tested on Paper, Purpur, Pufferfish, and Spigot

Support & Feedback​

• Report issues on GitHub: PrivateChest Issues
• SpigotMC Resource: https://www.spigotmc.org/resources/privatechest.124359/

Thank you for using PrivateChest!

PrivateChest v2.3 - Changelog​

Release Date: January 2026

New Features​

Shulker Box Support​

• Lock all 17 shulker box variants (including colored ones)
• Same protection as chests and barrels
• Configurable limits per shulker box type

Expanded Server Compatibility​

• Full support for Folia and its forks (Luminol, LightingLuminol, LeafMC, Kaiiju)
• Works on all major server software

Improved Bedrock Support​

• Better Geyser and Floodgate detection
• Seamless experience for Bedrock Edition players

Compatibility​

Minecraft: 1.16.5 - 1.21.x

Servers:

• Spigot, Paper, Purpur, Pufferfish
• Folia, Luminol, LightingLuminol, LeafMC, Kaiiju

Cross-Platform:

• Java Edition
• Bedrock Edition (via Geyser/Floodgate)

Bug Fixes​

• Fixed shulker boxes not being recognized as lockable containers
• Improved password security handling

Migration​

No action required. Update and enjoy the new features!

PrivateChest - Version 2.2 Release Notes
Release Date: December 1st, 2025

[2.2] - 2025-12-01
Added

- Configurable Hopper Protection System

New hopper-protection.allow-hopper-access option in config.yml
Allows players to enable hopper access for automated sorting systems with locked containers
Includes comprehensive security warnings and documentation in configuration file
Default setting remains secure (false) - blocks all automated item movement

Click to expand...

- Improvements

Enhanced HopperProtectionListener with configurable behavior
Added detailed JavaDoc documentation for hopper protection logic
Improved security transparency with clear warnings about enabling hopper access

Click to expand...

- Configuration Changes

New section hopper-protection added to config.yml

Click to expand...

allow-hopper-access: false (default - maximum security)

Detailed documentation on security implications and recommended use cases

Click to expand...

- Use Cases

This update is designed for:

Servers with automated sorting/storage systems
Private or trusted servers where theft is not a concern
Servers with additional claim/protection plugins

Click to expand...

- Security Notes

Default behavior unchanged: Hoppers remain blocked from protected containers
When enabled, ANY hopper can access locked containers (including those placed by other players)
Recommended only for trusted environments or servers with additional protection layers
Admin bypass permissions remain unaffected

Click to expand...

- Compatibility

Minecraft 1.16.x – 1.21.10
Tested on Paper, Purpur, Pufferfish, and Spigot

Click to expand...

- Installation & Configuration

Update: Replace your old PrivateChest JAR with version 2.2
Reload or Restart: Run /privatechest reload or restart your server
Configure (Optional): Edit config.yml to enable hopper access if needed:

Click to expand...

hopper-protection:
allow-hopper-access: true # Set to true to enable

- Known Issues

None reported for this version.

Click to expand...

- Support & Feedback

Report issues on GitHub: PrivateChest Issues
SpigotMC Resource: https://www.spigotmc.org/resources/privatechest.124359/

Click to expand...

Thank you for using PrivateChest!

PrivateChest v2.1 - Major Update Release​

What's New​

Enhanced Security System​

• Complete Hopper Protection: Hoppers, droppers, and dispensers can no longer bypass chest protection
• Block Placement Protection: Players cannot place blocks adjacent to protected containers to bypass security
• Automatic Cleanup: Orphaned data from removed containers is automatically cleaned up to maintain performance

Container Renaming System​

• Custom Names: Give your locked containers custom names up to 16 characters
• Easy Commands: Use /renamecontainer <name> or /renamecontainer remove
• Smart Validation: Names are automatically validated for compatibility

Advanced Limit System​

• Container-Specific Limits: Set different limits for chests, barrels, and shulker boxes
• Granular Permissions: Fine-tune exactly how many of each container type players can lock
• Backward Compatible: Existing limit configurations continue to work unchanged

Cross-Platform Support​

• Bedrock Edition: Full compatibility with Bedrock Edition players via Floodgate/Geyser
• Smart Messages: Messages automatically adapt for optimal display on each platform
• Universal Access: Java and Bedrock players can seamlessly interact with the same protected containers

How to Install​

1. Stop your server
2. Replace the old PrivateChest.jar with the new v2.1 file
3. Start your server - all configurations will be automatically updated
4. No data loss - all existing locked containers remain protected

New Commands​

• /renamecontainer <name> - Set a custom name for the container you're looking at
• /renamecontainer remove - Remove the custom name from a container

New Configuration Options​

Add these to your config.yml if you want to customize the new features:

YAML:

# Container-specific limits (optional)
container-limits:
  enabled: false  # Set to true to use granular limits
  types:
    chest: 10
    barrel: 5
    shulker_box: 2

# Automatic cleanup (enabled by default)
auto-cleanup:
  periodic-enabled: true

New Permissions​

• privatechest.limit.chest.X - Allows locking X chests
• privatechest.limit.barrel.X - Allows locking X barrels
• privatechest.limit.shulker_box.X - Allows locking X shulker boxes

Compatibility​

• Minecraft: 1.16+ (Spigot/Paper)
• Java: 8+
• Bedrock: Supported via Floodgate/Geyser
• Existing Data: Fully compatible - no migration needed

Notes for Server Owners​

• All existing locked containers continue working without any changes
• Configuration files are automatically updated while preserving your custom settings
• The new features are optional - enable only what you need
• Performance improvements through automatic cleanup system
• Full backward compatibility with existing permissions and configurations

Bug Fixes​

• Fixed rare cases where hoppers could access protected containers
• Improved double chest detection and protection
• Enhanced permission checking for edge cases
• Better error handling for corrupted data files

Download PrivateChest v2.1 and enjoy enhanced security with powerful new features!

PrivateChest 2.0 - Major Update!

What's New

Enhanced Security

• Password Encryption: All passwords are now securely hashed using SHA-256 with salt. Your old passwords will work and be automatically upgraded when used.
• Better Data Protection: Significantly improved security against potential data breaches.

Trust System

• Share Access Safely: Give other players access to your locked chests without sharing passwords
• New Commands: /trust <player> and /untrust <player>
• Easy Management: Use /trust list to see who you trust, /untrust all to remove everyone

Sign Protection

• Visual Locking: Place a sign with [Private] on the first line near your chest to lock it
• No Commands Needed: Perfect for players who prefer visual interactions over typing commands
• Break to Unlock: Simply break the sign to unlock your chest

Chest Limits

• Permission-Based Limits: Control how many chests players can lock based on their rank/permissions
• Perfect for Economy Servers: Reward VIP players with more chest locks
• Admin Control: Set custom limits from 1 to unlimited chests per player

Performance Improvements

• SQLite Support: Optional database storage for servers with many locked chests (better performance)
• Optimized Code: Faster chest interactions and reduced memory usage
• Smart Caching: Improved response times for large servers

Developer API

• Public API: Other plugins can now safely interact with PrivateChest
• Better Integration: Perfect for custom plugins and advanced server setups

Migration from v1.x

Fully Automatic Migration

• All your existing locked chests will continue working normally
• Passwords are automatically upgraded to secure format when used
• No manual configuration needed - just replace the plugin file
• All new features are disabled by default for compatibility

Migration Steps:

1. Backup your plugins/PrivateChest/ folder (recommended)
2. Stop your server
3. Replace the old PrivateChest.jar with v2.0.0
4. Start your server
5. Enable new features in config.yml if desired

Configuration

New options in config.yml:

• storage-type: yaml (or "sqlite" for better performance)
• enable-sign-protection: true
• enable-chest-limits: false
• default-chest-limit: 5

Permission Examples

YAML:

# Chest Limits (when enabled)
privatechest.limit.unlimited  # No limits
privatechest.limit.100        # Up to 100 chests
privatechest.limit.25         # Up to 25 chests
privatechest.limit.10         # Up to 10 chests
privatechest.limit.5          # Up to 5 chests

Bug Fixes

• Fixed rare double chest synchronization issues
• Improved hopper protection reliability
• Better error handling for corrupted data
• Enhanced explosion protection

This is our biggest update yet!
Perfect for survival servers, economy servers, and any server that wants secure, user-friendly chest protection!

Compatible with Minecraft 1.16.x - 1.21.5 | Tested on Paper, Purpur, Pufferfish

PrivateChest v1.6.3 - Changelog​

This update focuses on fixing the long-standing double chest protection issue and brings several improvements to stability and usability.

Fixed​

• Critical Double Chest Bug: Resolved the major issue where only one half of a double chest (large chest) would be protected. Now, both halves are correctly identified and secured during locking, interaction (/unlockchest), block breaking, and hopper interactions. This ensures complete protection for double chests and barrels.

Changed / Improved​

• Enhanced Hopper Protection: Hoppers are now reliably prevented from both pulling items from and pushing items into any protected container (single chests, double chests, barrels).
• Corrected /clearchests Logic: The /clearchests command now functions as intended, specifically targeting and removing only "orphaned" entries from data.yml (protections for containers that no longer exist or are invalid). It no longer affects valid, existing protections.
• Improved DataManager: Added more robust error handling and console logging when loading data.yml. This will help server administrators diagnose issues with corrupted or invalid location entries.
• Auto-Updating messages.yml: The messages.yml file will now automatically add any new message keys from future plugin updates, preserving existing user customizations.
• Refined Configuration Files:
  • config.yml: Removed non-functional options (allow-double-chests, unlock-duration-seconds, allow-shared-access) to prevent confusion. Added clearer comments.
  • messages.yml: Added new messages for recent changes, improved wording on existing ones, and added detailed comments to explain each message's purpose.
• Updated plugin.yml: Corrected version number and added /pc as an alias for /privatechest.
• Code Refinements: General internal code improvements for stability and maintainability.

PrivateChest 1.6.2 – Hopper Exploit Patch & Full Container Protection​

New Protections:​

• Hoppers can no longer extract items from any protected container.
• Applies not only to chests and barrels, but automatically supports any future container types added to PrivateChest (like furnaces, droppers, shulkers, etc.).
• Uses smart event handling via InventoryMoveItemEvent to detect and cancel unauthorized item transfers.

Technical Improvements:​

• Protection now checks container ownership via ChestLocker.isChestLocked(...), ensuring consistent behavior.
• No performance impact; event runs only when hoppers are in use.

Recommended For:​

• Any server using hoppers, redstone automation, or container protection systems.
• Servers upgrading from 1.6.1 or earlier.

Thank you for using PrivateChest Free!

If you find the plugin helpful, please consider leaving a review or joining our support community.

Support available in English and Spanish.

PrivateChest 1.6.1 – Admin Bypass Fix

Fixes:

• Fixed: Admins with the privatechest.admin permission could not open locked chests they did not own.
  
  
• Admins can now access any protected chest without being the owner, as originally intended.
  
  
• Optionally shows a message when an admin accesses a chest (notify-admin-on-open in config).
  

Notes:

• This fix improves the reliability of admin control over protected containers.
  
  
• No changes were made to the core protection or chest data structure.
  

Suggested for:

• Server owners, admins, moderators, and anyone with admin permissions.
  

Thank you for using PrivateChest Free!

If you enjoy the plugin, consider leaving a review and reporting bugs or suggestions.

Support is available in English or Spanish.