New ULX and ULib (Security advisory on previous versions!)

[Megiddo]

ULX 3.11 and ULib 2.05 have been released. Change logs!

ULib changelog:

   * [ADD] ply:SetUserGroup() -- Thanks aVoN!
   * [ADD] ply:DisallowVehicles( bool )
   * [FIX] A timer error in UCL, was messing up scoreboard sometimes.
   * [FIX] Security hole where exploiters could gain superadmin access
   * [CHANGE] You can assign allow/denies to the default user group, "user" now. (IE, allow guests to slap)
   * [CHANGE] DisallowSpawning now disallows tools that can spawn things.
   * [REMOVED] Old settings/users.txt stuff, handled by SetUserGroup now

ULX changelog:

   * [FIX] ulx vote. No longer public, people can't vote more than once, won't continue to hog the binds.
   * [FIX] rslots will now set rslots on dedicated server start
   * [FIX] Bring/goto getting you stuck in player sometimes.
   * [FIX] Can't use vehicles from inside a jail now.
   * [CHANGE] bring and goto now place teleporting player behind target
   * [CHANGE] Upped votemapMinvotes to 3 (was 2).
   * [CHANGE] Player physgun now only works in sandbox, lower admins can't physgun immune admins, freezes player while held.
   * [CHANGE] Unblocked custom groups from ulx adduser.

Security advisory (dedicated servers only):
There's a security hole in all previous versions of ULib/ULX that could allow a user to get superadmin access to the ULX commands. You are strongly recommended to upgrade. You can update to ULib 2.05 and keep ULX 3.10 to fix the security hole if you wish, but "ulx adduser" will break.

Download these update from http://ulyssesmod.net/

[TomatoSoup]

What? Removed settings/users.txt stuff?

Whazzat mean?

We can't add people to ULX by using the settings/users.txt file anymore? Thats... well, in my opinion, not wise.

[atomicspark]

He might mean "/data/ulib/users.txt". Mine appears to be missing.

[Megiddo]

I mean the import stuff, it handles it a different way now.

[atomicspark]

Yeah. Scratch what I said before. The "/data/ulib/users.txt" showed up when I re-added someone. That means I'll have to manually add users to it or wait till they're in game. It's more work but hey if it fixes the hax, it's worth it.

[TomatoSoup]

But does that fix the hack?

I'm assuming it has something to do with RCON, JamminR came on my server and used RCON to message me, telling me about the exploit.

[Megiddo]

It still imports from users.txt, as I said.

[spbogie]

People listen!
data/users.txt is not related to ULib/ULX in any way.
data/ULib/users.txt is ULib's users file.
settings/users.txt is the default GarrysMod users file.

   * [REMOVED] Old settings/users.txt stuff, handled by SetUserGroup now
The old method of importing admins from settings/users.txt (by reading the file ourselves and adding the users) has been removed becase it is now handled by SetUserGroup when garrysmod imports the file.

[atomicspark]

Once again the path that I was thinking of and the path I typed was different. I ment to compare your's and gmod's the whole time. Sorry for the confusion.

[Megiddo]

Funny enough, an exploit was discovered in SS today that allowed you to gain superadmin access. When it rains, it pours I suppose.