NeoEssentials v1.1.4 — TAB List Ping Fix

Fixed

• TAB list players in the same group all showing identical ping — every player in a permission group shared one scoreboard team, so the team's suffix carrying the ping value got overwritten by whichever player was processed last in the update loop. Result: every row in a multi-member group displayed the same ping. The bug existed for ALL groups (player, mod, admin, owner, custom) — it just only surfaced visibly when 2+ people were online in the same group at once. Switched to one team per player so each row carries its own independent prefix and suffix. Same group prefix is still rendered for everyone in the group, but the ping is now correctly per-player.

Internal

• Added cleanup on PlayerLoggedOutEvent so per-player scoreboard teams don't accumulate over time

NeoEssentials v1.1.3 — Out of Beta: Combat, WebSocket & Kit Crash Fixes

What's New in v1.1.3

NeoEssentials is out of beta. Every known issue from v1.1.2-beta is fixed, plus over 1,000 lines of orphaned code removed and several crash paths hardened. Tested live on an ATM10 v6.6 server with FTB Ranks installed. Server running NeoForge 21.1.224.

Bug Fixes

• Combat tag stuck — /home and /tpa were blocked for 5 seconds after attacking armor stands, vehicles, item frames, villagers, or your own tamed pets. Combat is now only triggered by actual hostile mobs and other players. Self-damage (thorns reflection) no longer tags. Combat timer now refreshes on every valid hit so long fights stay tagged instead of expiring mid-combat.
• newPlayerKit crash on malformed first_joined.json — Handler crashed if the file contained anything other than a valid JSON array (corruption, empty file, unexpected content). Added proper JSON array guard, thread-safe lock across concurrent joins, atomic temp-file-then-move writes with UTF-8 encoding, and canonical path resolution via ResourceUtil.
• WebSocket double-start crash — IllegalStateException was thrown whenever the dashboard was stopped and started again (manual /neoe dashboard restart, reload, etc.). The underlying java-websocket library does not allow restarting a stopped server. Added startIfNotStarted() guard and shutdownAndReset() that clears the singleton so a fresh instance can be created on next start.
• Dashboard rate limit too low by default — Default maxRequestsPerMinute raised from 60 to 200. Fresh installs will no longer hit intermittent "Connection Error" on the web UI with live widgets.
• Heavy log spam on the dashboard data path — 25 routine LOGGER.info calls in ServerDataCollector, PlayerDataCollector, and ServerEndpoint were firing on every data collection cycle / API request. All changed to LOGGER.debug. Error and warn calls preserved so real problems still surface.

Cleanup

• Duplicate ResourcePackManager packages removed — The orphaned com.zerog.neoessentials.resourcepacks (plural) package contained a half-finished admin pack upload feature with zero imports, zero references, and zero event wiring from anywhere in the codebase. Removed (1,043 lines across 3 files). The active resourcepack (singular) badge/emoji auto-send system is untouched.
• PermissionBridge hardcoded color codes — 93 legacy § color codes scattered across help output replaced with a private styled() helper using the Minecraft ChatFormatting enum. Matches the style used elsewhere in the mod (ChatComponentUtil, MessageUtil). Type-safe, no more invisible control characters in source.

TAB List

• Individual player rows now show [group] PlayerName pingms with live ping updates and color coding (green good / yellow ok / red bad). Prefix is pulled from the player's permission group.

Config Notes

NeoEssentials configs are located at config/neoessentials/ in your server directory.

config/neoessentials/webdashboard.json (securitySettings section):

• "maxRequestsPerMinute": 200 — is now the default (was 60)

After changing configs, run /neoe reload in-game or from console.

Known Issues

None. All previously documented known issues from v1.1.2-beta have been fixed.

NeoEssentials v1.1.2-beta — Bug Fixes, Code Quality & Dashboard Confirmed

⚠️ NOTE: This is a TEST BUILD. Report any issues on the repository.

What's New in v1.1.2-beta

Building on v1.1.1-beta, this release adds more bug fixes, code quality improvements, and the first confirmed working dashboard.

Bug Fixes

• /god command crash — Argument name conflict with other mods caused crash. Renamed "target" to "playername" across all PlayerStateCommands
• AntiSpamManager log spam — Split config not loading chat config properly, spamming errors on every chat message
• ChestShop no disable option — Was hardcoded with no way to turn off. Added chestShopEnabled toggle to modules config. Allows third-party economy mods like EconomyCraft to work without conflicts
• Dashboard registration crash — Crashed with NPE when registrations file was empty or invalid
• 7 empty catch blocks in PermissionsCommand — All silently swallowed errors. Now log with LOGGER.error()
• BalanceCommand null UUID — Console crashed when checking other player balances
• TranslationHandler thread safety — Replaced HashMap with ConcurrentHashMap to prevent race conditions
• Session IDs logged unsafely — Wrapped unguarded session ID logging with debug mode check

Dashboard

Web dashboard tested and confirmed working — login, overview, players, performance, worlds, and events all functional.

Config Notes

NeoEssentials configs are located at config/neoessentials/ in your server directory.

config/neoessentials/main.json (modules section):

• "chestShopEnabled": false — disables NeoEssentials ChestShop to avoid conflicts with third-party economy mods

config/neoessentials/webdashboard.json (securitySettings section):

• "maxRequestsPerMinute": 200 — recommended for stable dashboard UI

After changing configs, run /neoe reload in-game or from console.

Known Issues

• Dashboard rate limit too low by default — Default maxRequestsPerMinute of 60 causes intermittent "Connection Error" on the web UI. Set to 200 in config/neoessentials/webdashboard.json under securitySettings for stable operation
• Combat tag stuck — Players may get "cannot teleport while in combat" possibly from invisible modded entity damage not sure why yet
• Duplicate ResourcePackManager packages — Upstream leftover, not causing bugs
• PermissionBridge hardcoded color codes — Cosmetic only

NeoEssentials v1.1.1-beta — Bug Fixes, Security Patches & CORS Overhaul

⚠️ NOTE: This is a TEST BUILD. Report any issues on the repository.

What's New in v1.1.1-beta

This is a comprehensive bug fix, security patch, and quality-of-life release based on real-world testing on an ATM10 v6.5 server with FTB Ranks installed.

Bug Fixes

• PermissionManager null crash — Internal permission manager now always loads as a fallback when FTB Ranks is active
• setgroup null guard — Added null check and auto-creates users not yet seen by the permission system
• Commands not working for players — Fixed broken dispatcher check that prevented all /neoe commands from working in-game
• /delhome and /sethome infinite confirm loop — Restructured confirmation flow to prevent looping and cooldown conflicts
• Teleport safety on modded servers — findSafe hardcoded to false to prevent teleport failures (credit: Algid)
• New player chat invisible — Default chat channel was local (100 block radius), changed to global. Also added vanilla fallback if chat formatting fails
• Vanish unvanish requires rejoin — showPlayerToSpecific was empty, now properly sends tab list and entity packets
• VanishManager null crash — Fixed same null manager pattern as PermissionSystem when FTB Ranks is active
• Dashboard login not working — Login endpoint was ignoring passwords and only doing Minecraft player lookup. Now properly routes to password-based authentication
• /god command crash — Argument name conflict with other mods caused crash. Renamed "target" to "playername" across all PlayerStateCommands

Security Patches

• SQL injection — Added table name sanitization and hardened query blocklist in database browser
• Command execution bypass — Restricted commands now always enforced server-side, removed client-side bypass flag
• Password hashing — Replaced unsalted SHA-256 with PBKDF2 (65,536 iterations, random salt). Backwards compatible with auto-upgrade on login
• Path traversal — Normalized backup restore path before validation to prevent ../ escape
• CORS wildcard — Replaced hardcoded Access-Control-Allow-Origin: * across 22 locations with centralized CorsHandler that reads allowed origin from config

New

• CorsHandler.java — Centralized CORS utility, reads from config instead of hardcoding *
• corsAllowedOrigin config — New setting to control allowed origin for dashboard API

Testing

Tested on ATM10 v6.5, NeoForge 21.1.224, with FTB Ranks installed.

Config Note

If upgrading from a previous version, you may need to manually update your chat config:

• Set local channel "default": false
• Set global channel "default": true
• Or disable local channel entirely with "enabled": false
  Then run neoe reload.

Known Issues (targeting v1.1.2)

• AntiSpamManager null config — Split config system not loading chat config properly for anti-spam filters, spamming errors in server logs on every chat message
• /god command argument conflict — Fixed in testing but not yet included in this release
• Web dashboard UI untested — Security patches applied but full UI testing still pending

Development Status

Our primary focus so far has been resolving in-game issues — permission crashes, command failures, chat visibility, vanish, and god mode conflicts. The major in-game bugs have been resolved and tested on a live ATM10 v6.5+ server with FTB Ranks.

The web dashboard has received security patches (SQL injection, CORS overhaul, PBKDF2 passwords, command bypass, path traversal, login fix) but has not been fully tested through the UI yet. Dashboard functionality may have issues that haven't been discovered. Web UI testing and fixes are next on the roadmap.

neoessentials v1.1.0-beta + security fixes and bug fixes.

Note:

NOTE: These are experimental test builds and may be unstable. I am actively reworking NeoEssentials into a fully functional mod, so features may be unstable.