Changelog

All notable changes to CCLogger will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

5.2.0-alpha.3 (2025-12-05)

Documentation

• convert markdown tables to HTML for CurseForge compatibility (d9a1ea7)
• use simple lists instead of tables for CurseForge (38800ac)
• webapp: replace Vite template with project documentation (5e6564d)

5.2.0-alpha.2 (2025-12-05)

Bug Fixes

• ci: only publish to CurseForge/Modrinth when code changes exist (b3e0a05)

Documentation

• update documentation with React web dashboard features (9fe37c4)

Miscellaneous Chores

• ci: configure release-please to track all commit types (640c943)

5.2.0-alpha.1 (2025-12-05)

Features

• web: add modern React dashboard with JWT auth improvements (7c307e9)
• web: Complete React dashboard with modern UI and JWT authentication (2d2963b)
• web: complete UI/UX facelift with modern design system (b428833)

Bug Fixes

• ci: add prerelease versioning strategy (adc33b4)
• ci: configure release-please for proper prerelease versioning (bbfbed4)
• test: increase wait time in JWT expiration test for reliability (2588545)

5.1.5-alpha.1 (2025-12-05)

Bug Fixes

• ci: use version.txt instead of gradle.properties for versioning (421e942)

5.1.4-alpha.1 (2025-12-05)

Bug Fixes

• ci: add release-please marker to gradle.properties (3d342a5)
• ci: correct release-please marker placement in gradle.properties (0e14052)

5.1.3-alpha.1 (2025-12-05)

Bug Fixes

• ci: disable Modrinth unfeature-mode to avoid 401 error (b54c8e6)

5.1.2-alpha.1 (2025-12-04)

Bug Fixes

• ci: publish to CurseForge/Modrinth when release is created (71975a5)

5.1.1-alpha.1 (2025-12-04)

Bug Fixes

• ensure future Jooby API compatibility (82f8afb)

5.1.0-alpha.1 (2025-12-04)

Features

• E2E testing framework and CurseForge security scan (380b142)
• e2e: Add comprehensive E2E testing framework with log entry factories, HTTP client, and database containers (30b8b21)

Bug Fixes

• exclude JWT NoneAlgorithm to pass CurseForge security scan (32abf8b)

5.0.0-alpha.1 - 2025-12-03

Added

• Multiple Storage Backends: Full support for File, SQLite, MySQL, MongoDB, and Redis
• Web Dashboard: REST API with JWT authentication for viewing and searching logs
  • /api/auth/token - Authentication endpoint
  • /api/logs - Query logs with filtering
  • /api/logs/player/{name} - Logs by player
  • /api/logs/type/{type} - Logs by type
  • /api/logs/search - Full-text search
  • /api/stats - Statistics endpoint
• Rate Limiting: Configurable rate limiting for web API endpoints
• GDPR-Compliant Privacy: Four IP logging modes
  • disabled - No IP addresses stored (recommended)
  • full - Complete IP address
  • truncated - Last octet zeroed (192.168.1.0)
  • hashed - bcrypt hash with daily rotating salt
• Command Blacklist: Regex-supported patterns to exclude sensitive commands from logging
• Notification System: Real-time alerts when keywords or suspicious commands are detected
• Auto-Archive: Automatically compress and archive old logs (ZIP or GZIP)
• Per-Player Logs: Optional individual log files for each player
• bStats Metrics: Anonymous usage statistics

Changed

• Web Framework: Migrated from Javalin/Jetty to Jooby/Netty for better security
• Minimum Java version: 21
• Minimum Paper version: 1.21

Security

• Fixed CVE-2024-6763 (Jetty HTTP/2 vulnerability) by migrating to Netty
• Fixed CVE-2024-8184 (Jetty server vulnerability) by migrating to Netty
• Fixed Netty CVEs (MadeYouReset DDoS, Zip bomb DoS, Request smuggling) with Netty 4.2.7.Final
• Fixed CVE-2025-52999 (jackson-core StackOverflowError)
• Fixed CVE-2024-26308, CVE-2024-25710 (commons-compress vulnerabilities)
• Fixed CVE-2025-48924 (commons-lang3 uncontrolled recursion)
• All dependencies pinned via BOM and constraints for transitive security

Technical

• Comprehensive test suite
• E2E tests with real Minecraft server in Docker
• Testcontainers for MongoDB integration tests
• MockBukkit for unit testing Bukkit components