#WeGuardian Changelog
## Version 2.4 – Full Messages & GUI Configuration Update
Release Type: Major Configuration & Customization Update
Focus: Flexibility, Localization, and Server Branding
---
##New Features
###Fully Configurable
messages.yml
- Added a dedicated
messages.ymlfile to centralize all player-facing text- Every message is now configurable, including:
* Chat messages
* Error messages
* Success messages
* Notifications
* Titles & subtitles
* Action bar messages
###GUI Customization (100% Configurable)
* All GUI elements are now configurable frommessages.yml, including:
* GUI titles
* Item display names
* Item lores
* Buttons & descriptions
* Affected GUIs:
* Punishment GUI
* Duration GUI
* History GUI
###New Messages Management System
* Introduced a MessagesManager system to:
* Load and cache messages efficiently
* Support placeholders across all messages
* Ensure consistent formatting everywhere
* Uses MiniMessage-compatible formatting for modern text styling
---
##Improvements
* Removed hardcoded strings from:
* GUI classes
* Input handlers (Reason input, Custom duration input)
* Command feedback messages
- Improved maintainability and readability of the codebase
- Easier localization for non-English servers
- Server owners can now fully brand WeGuardian without touching source code
---
##Developer & Admin Benefits
- No recompiling required for message changes
- Clean separation between logic and presentation
- Future updates will automatically support new messages via
messages.yml
---
##Notes for Updating
- On first startup,
messages.ymlwill be generated automatically- Servers upgrading from older versions should review and customize the new file
- Old message values previously in
config.ymlare now handled viamessages.yml
---
###Recommended
Update to WeGuardian v2.4 to unlock full control over messages, GUIs, and server presentation.
WeGuardian v2.3 – Changelog
Bug Fixes
- Fixed /unbanip unbanning the incorrect IP when a banned player’s account was previously used by another person
- Fixed /unmuteip resolving and removing the wrong IP address
- Fixed {player} and {staff} placeholders not working in ban, kick, and mute screens
- Fixed MiniMessage formatting not being parsed correctly when combined with legacy (&) and color codes
New Features
- Added {player} placeholder support to all punishment screen messages
(ban, kick, mute)- Added {staff} placeholder support to all punishment screen messages
(ban, kick, mute)- Added full MiniMessage support alongside legacy color codes
- Supports tags like <red>, <bold>, <gradient:red:blue>
- Added hex color support in MiniMessage format
- Example: <#FF5555>
Broadcast System
- Added broadcast messages for all punishment types, fully configurable via config.yml
- Supported broadcasts:
- Ban / Unban
- Mute / Unmute
- Kick
- IP Ban / IP Unban
- IP Mute / IP Unmute
- All broadcast messages support placeholders:
- {player}, {staff}, {reason}, {duration}, {expires}, {ip}
Improvements
- Chat mute listener priority changed to HIGHEST with ignoreCancelled = false
→ Ensures mutes are enforced over all other plugins- Plugin now loads on STARTUP for earlier and safer initialization
- IP punishments now store and resolve the original punished IP from the punishment record instead of the player’s current IP
Config Updates
- Updated messages.ban.screen to include {player} and {staff} placeholders
- Updated messages.kick.screen to include {staff} placeholder
- Updated messages.mute.blocked to include {staff} placeholder
- Updated messages.mute.applied to include {staff} placeholder
- Added broadcast sections for all punishment and IP punishment types
WeGuardian v2.2 – Database & Security Fixes
Fixes & Improvements
- Fixed MySQL index creation issues (now fully compatible with MySQL & SQLite).
- Punishment broadcast messages now correctly use messages.prefix from config.yml.
- Resolved a critical IP-ban bypass issue allowing alt accounts to join.
- Improved IP normalization (IPv4 & IPv6-mapped IPv4)
- Fixed IP ban cache logic so new bans apply instantly
Notes
- No database migration required
- No config or permission changes
- Safe drop-in update
##Changelog
###Fixes & Improvements
* Fixed full tab completion for smoother command usage.
* Reworked parts of the MySQL Database Manager to improve performance and stability.
###New Features
* Added Alt Detection to better track and manage alternate accounts.
###Removed
* The /stats command has been removed.
Changelog
- Added new option in config.yml under web-dashboard:
web-dashboard:
enabled: false
web-header-title: "WeGuardian"
You can now change the web header title from WeGuardian to your own name. This will be applied across all web pages.
- Improved Web UI with various fixes
- Added support for tempipban, unbanip, and ipban commands
- Expanded Player Management section in the web panel
- Implemented automatic player IP fetching for punishments
- Added proper validation checks for temporary vs permanent punishments
Critical & High Severity
- Request/Response Mix-up – prevented user data from being sent to wrong users.
- Potential Remote Code Execution (RCE) – fixed vulnerability with partial PUT requests.
- DoS in multipart upload – mitigated Denial of Service attacks.
- TOCTOU Race Conditions – fixed Time-of-Check to Time-of-Use timing issues.
- Resource Shutdown Issues – corrected improper resource management.
- Regular Expression Denial of Service (ReDoS) – in TimeUtils.java, unsafe regex patterns fixed.
Moderate & Low Severity
- Security constraint bypasses – ensured constraints cannot be bypassed.
- HTTP priority header DoS – mitigated potential Denial of Service via HTTP headers.
- CGI and rewrite rule bypasses – fixed vulnerabilities allowing rule circumvention.
- Unbounded Input Handling – limited maximum input length in time parsing.
- Unsafe Time Parsing – ensured integers are only parsed after regex validation.
