Category Archives: News

SmartFoxServer 2.18.2 is available!

We just released SFS2X patch 2.18.2 which provides a series of features that have been requested and launches updated client-side APIs for all supported platforms. You can read the release notes and proceed with the download from here.

The latest client API can be obtained from our dedicated download section.

Please note: the patch requires SFS2X 2.18.0 to be already installed.

SmartFoxServer 2.18 is out!

We have just released SmartFoxServer 2X 2.18.0, which provides several library updates, a new runtime, support for M1 Macs, extra features and bug fixes.

Please note: the new release comes as a standalone installer so it can’t be used to update a previous instance.

» Get the new SmartFoxServer 2.18.0 installer from our download section.
» Read the full release notes here.

Load Balancing SmartFoxServer 2X with HAProxy

In this article we are going to explore several ways to use the open source HAProxy load balancer in conjunction with SFS2X, to increase the scalability and availability of a multiplayer project.

We are going to show different configurations for TCP and WebSocket connections and several ways to set up the system for common use cases.

To get the most out of this tutorial you will need a basic knowledge of what a Load Balancer is and how it works, and some familiarity with the basics of networking and the OSI Model.


SFS2X memory settings and garbage collection (part 1)

When running SmartFoxServer on machines with large amounts of RAM (e.g. 32/64GB or more) developers often have questions about strategies to make use of all resources, and how to optimize garbage collection.

At first these questions can seem intimidating, considering the vast amount of custom settings available for the Java Runtime and the multiple garbage collection options, each with its own set of configuration choices.

The good news is that navigating the complexity of the JVM is easier and less intimidating than expected (at least for SFS2X devs) and with this article we hope to simplify most SmartFoxServer users’ lives.


Feb 2021 vulnerability reports

At the start of 2021 three vulnerability reports were published describing alleged SmartFoxServer 2.17.0 (the latest version as of March 2021) exploits. We exchanged several emails with the individual who created the reports prior to their publishing, pointing out evident flaws in the findings, but they were still published without correcting those glaring mistakes.

The reports

The following are the reports in question:

They all refer to a so-called “God Mode Console”, an additional Admin Tool module which is always inactive by default in any SmartFoxServer installation. The module can be activated by an Admin via multiple manual steps and it can be used to debug a live server at runtime, typically when a bug or issue cannot be reproduced locally but manifests in a live environment.

NOTE: the console cannot be activated or accessed remotely. It requires the server admin to manually activate it and use it.

Given this premise it goes without saying that the first “vulnerability” report is just an example of bad security reporting. The whole point of the console is to execute arbitrary commands and an attacker that has local access and credentials to enable the console is already in control of the target server. Even after explaining these points to the “researcher” prior to publication, he went ahead and posted the alleged exploit.

The 2nd entry in the list claims that the Admin password is stored in clear text, which is correct, and flags it as a medium threat. We agree with the claim and we can also provide further details: there aren’t many better ways to secure such a password and a clear text file can be efficiently secured by way of user permission management.

For more info on securing clear-text passwords, please take a look at this discussion on StackOverflow.

The 3rd and last entry reports an XSS (cross-site scripting) exploit without actually showing any evidence of the “cross site” part. As already clarified, this is an admin-only console that is not accessible to the outside world and disabled by default, but the author willfully ignored it and reported it as a vulnerability.

If there are any other questions regarding these issues you can get in touch with us via the support section found on our website.

SFS 2X 2.17.0 is available!

We have just released SmartFoxServer 2X 2.17.0, codenamed “Flash Farewell” as we have cut the remaining ties with the old Flash-based Admin Tool.

It seems that many users forgot about the termination of Adobe Flash on Jan. 12th 2021 and have found themselves unable to reach their servers with the legacy Admin Tool. This release is particularly targeted at those users, as it packs all the recent updates in one installer.

Read more about installation and migration to SFS2X 2.17.0 in our forum post.

Download and release notes.