Sentinel | License Management Solution v2.2.1

• Fixed an issue where custom legacy encryption keys of certain lengths would not be accepted (error on startup).

• Added account reset: admins with the new RESET_USER permission can reset a user's password and/or two-factor authentication, issuing a one-time temporary password and revoking the user's sessions, trusted devices, and login lockout.
• Enforced rank-based authority on cross-user actions: editing, deleting, or resetting a user, and managing another user's API keys, now require outranking that user.
• Restricted role assignment to roles ranked below your own; you can no longer assign a role at or above your own rank.
• Restricted role reordering, editing, and deletion to roles ranked below your own, with reorders blocked client-side and server-side from moving a role to or above your rank.
• Allowed admins to grant a role or API-key overrides containing permissions they don't personally hold, as long as they outrank the target (the target's role is the upper bound, not the actor's).

• Added product platform listings so plugins distributed via Spigot, BuiltByBit, etc. can validate licenses by (platform, resourceId) instead of a hard-coded product name. Update your client to utilize this feature.
• Added Discord audit log sync, forwarding the auditable event types to configurable channels as branded embeds.
• Added AES-256-GCM response encryption for the legacy /api/v1/licenses/auth endpoint, gated by a new LEGACY_ENCRYPTION_SECRET env var (zero overhead when unset).
• Hid Discord roles the bot cannot assign (above its highest role, or unreachable without MANAGE_ROLES) from role selectors.

Complete rewrite of the license management system: new database, new web dashboard, new authentication model, new API surface.

Breaking Changes

• Database: MongoDB replaced by PostgreSQL.
• Runtime: Requires Java 21 (previously 17).
• API: /api/v1 replaced by /api/v2. A /api/v1/licenses/auth compatibility endpoint is available when LEGACY_API_KEY is configured but is deprecated and will be removed in a future release.
• API keys: Stored as SHA-256 hashes. Existing keys cannot be recovered and must be regenerated.
• Products: Moved from static YAML configuration to database-managed entities with a new tier system (products contain tiers, tiers define entitlements).
• Authentication: API key-only authentication replaced by multi-strategy auth (email/password, OAuth2, API keys, session tokens).
• Configuration: YAML config file replaced by Spring externalized configuration (application.yml / environment variables).
• Removed: Response body encryption, various outdated/inconsistent bot commands.

New Features

• Web dashboard: Full React + TypeScript SPA for managing licenses, products, users, roles, and settings.
• Admin user accounts: Email/password registration and login with rate-limited lockout.
• OAuth2: Discord and Google as login and account-linking providers.
• Two-factor authentication: TOTP with QR provisioning, backup codes, and trusted device management. Secrets encrypted at rest.
• Role-based access control: Custom roles with fine-grained permissions, assignable per user.
• License tiers: Products contain tiers, each with its own set of entitlements. Licenses reference a specific tier.
• Audit logging: Field-level change tracking across all entities (licenses, products, tiers, users, roles, API keys, auth events) with sensitive field redaction.
• Response signing: Cryptographically signed license validation responses (nonce + timestamp) to prevent forgery and replay. Optional, enabled when signing keys are configured.
• Discord role reconciliation: Improved automatic Discord role sync based on license connections, with global customer roles and optional orphaned role removal.
• Metrics dashboard: Daily metrics collection with time-series views, product leaderboards, and configurable data retention.
• Global settings: Dashboard-managed application settings.
• Onboarding: Guided setup flow for new installations.
• License key regeneration: Generate a new key for an existing license.
• Advanced search: Filter licenses by product, status, platform, connection, server, and IP.
• Health checks: Health endpoint with Discord bot connectivity indicator and startup validation.
• Deployment options: Docker Compose, a one-line install script, and a ready-to-use Pterodactyl egg.

Improvements

• Improved sub-users: Connection search now matches sub-users, with a visual "Sub-user" badge in the dashboard table and [Sub-user] labels in Discord bot results. Discord sub-users can access license key information through the bot.
• Security hardening: CSRF protection, security headers, and privilege escalation guards.
• Unified /licenses command: Merged /listlicenses and /searchlicense into a single command with inline filters.
• Modal-based Discord editing: Product and tier creation/editing through Discord modals with select menus.
• Rich /mylicenses: Paginated embeds with select menus for viewing license details.
• Product autocomplete: Bot commands with product arguments use Discord autocomplete (25+ products support).
• More paginated list endpoints: All collection endpoints return paginated responses.
• Performance and stability: Various optimizations and performance/stability improvements.

• Reverted the link wrapping change for connection URLs because Discord implemented an anti-phishing feature that breaks it. Connection URLs should now appear as normal. If you have non-standard characters in your connection URLs, you may want to manually override the default URL presentation in bot.yml.
• Sentinel JARs are now distributed as RARs again due to conflicts with BuiltByBit's download system.

BuiltByBit is currently blowing up Sentinel's file size from 46MB to over 100MB (which is not uploadable on many Pterodactyl panels) for some unknown reason. This is a compressed version that bypasses this issue. You will need to extract the JAR from the RAR file. Refer to the previous changelog for 1.10.1 changes.

• Added a new Discord bot "anti-hijack" (guild cap) system that prevents malicious actors from inviting your Discord bot to their own servers (with escalated priviledges). THERE IS NO SECURITY EXPLOIT INSIDE SENTINEL. This is simply a backup feature that limits the number of guilds that your bot can be added to in case you forget to uncheck the "Public Bot" checkbox in your Application settings on https://discord.dev/. More information below.
• Added link wrapping for connection URLs inside the Discord bot's embeds, enforcing more consistent formatting.
• Updated dependencies, including Spring Boot and JDA.

More About the "Anti-Hijack" System
By default, Discord (unfortunately) leaves the "Public Bot" option found in https://discord.com/developers/applications > [Your Application Name] > Bot > Authorization Flow checked. This allows any user to invite your Sentinel bot to their own server(s) using a publicly-accessible application ID. With administrative priviledges on unauthorized Discord server(s), the malicious user is able to execute any of Sentinel's slash commands without restriction.

While our installation instructions explicitly states that the Public Bot option should be unticked, we understand that this step may be missed or the box may be accidentally left checked. Since this "hijack" issue has affected Sentinel and other license systems (and bots in general) in the past, this update adds a limit to the number of guilds the bot can be in at one time.

By default, this limit is set to 1. If you want to have the bot in multiple servers for whatever reason, you need to add and modify the following line in your bot.yml accordingly:

YAML:

# The maximum number of Discord servers/guilds the bot can be in at the same time.
# Default is 1 to prevent bot hijacking if the application is accidentally set as Public.
max-guilds: 1

Again, this is NOT a security exploit within Sentinel, but rather an extra safeguard as a result of an... interesting design decision on Discord's end.

• Implemented proper Discord role tracking based on license connections. Customer and (new) sub-customer product roles are now properly synced and should be added/removed/updated when Discord connections are added/removed/updated from a license (or when a license is created/deleted with Discord connections).
• Added a new license sub-users feature (see below for more information). Sub-users are provided alongside other license information via the API under the "subUsers" JSON key. See wiki for example format.
• Renamed the "Edit Connections" option in the Discord bot to "Edit Connections and Sub-Users" to reflect the new Sub-Users field in the modal.
• Added the Discord command /addsubuser to quickly assign a Discord user as a sub-user of another Discord user's license. This command is simply a shortcut for convenience.
• Added the ability to assign a Discord role to Discord-based sub-users.

"Sub-users" of a license are designed for informational purposes only and do not serve any function in Sentinel itself. The sub-users system allows you to maintain a record of individuals/connections that are indirectly associated with a license. This can be particularly useful for tracking and identifying support needs.

For instance, consider a Minecraft server where the server owner holds the primary license. If a developer or administrator on the server requires customer support, you can add their Discord account as a sub-user to the owner's license. This helps in easily identifying and providing assistance to the relevant individual, even though they are not the primary license holder.

Click to expand...

Configuration Changes
The following changes are mandatory if you are upgrading from an older version of Sentinel!

bot.yml
Add this section.

YAML:

# The role to give for each product when a Discord sub-user is added to a license.
# You can use the role name or role ID.
sub-user-product-roles:
  Example: "Sub-Customer"

Then, set the config-version value to 3.