MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

New build announcements plus site news and changes.

Moderators: dorpond, trevor, Azhrei, Craig

Post Reply
User avatar
wolph42
Deity
Posts: 9904
Joined: Fri Mar 20, 2009 5:40 am
Location: Netherlands
Contact:

MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by wolph42 »

Dear MapTool users,

Recently two exploits have been brought to our attention which are both very severe.

MapTool versions 1.7 and earlier are vulnerable to hackers who can use the exploits to access your files / run programs on a computer running a server even if you have a password set. The latest version of MapTool 1.8 has fixed these exploits, WE ADVISE EVERYONE TO UPGRADE AS SOON AS POSSIBLE.

DOWNLOAD LINKS TO VERSIONS EARLIER THAN 1.8 HAVE BEEN REMOVED AND ALL ACCESS TO THE RPTOOLS REGISTRY WILL BE LIMITED TO VERSION 1.8 AND NEWER.

Below we address (what we expect to be) the main three topics:

If you really don’t want to change
If you insist on using an older version, you can do things to protect your MapTool server:
  • You can use the Direct Connect option; this is still risky since hackers scan for vulnerable IP addresses all the time. You can mitigate the risk by creating a whitelist through the router that allows only certain IP addresses to connect. Not all routers will support this option.
  • You can disconnect from the internet or block all incoming internet traffic and use your personal LAN (connect via the LAN tab).
  • You can create a VPN for your server and the other clients (also connecting via the LAN tab).
Despite these precautions, anyone allowed to connect to your server will still have access to abuse these exploits in the older versions of MapTool!

If you’re running into issues
We expect some macros may run into trouble when used in the new version. If you run into issues due to this upgrade:
  • paste a link to a downloadable version of the framework (either to a Discord post or a forum post), and
  • give clear instructions on what is needed to recreate the issue and with which MT version it does work.
We've opened up a channel in Discord (https://discord.gg/7RT6Nssr7Q) just for this purpose: mt-1-8-3-framework-issues

Why now, why this
We are aware that this will force you and your players to upgrade (if you're using the registry) which will bring its own hassle with it and we are sincerely sorry for that, but we don't see any other way. You might wonder about why now and why so rigorous: all complex software contains exploitable parts, if the software is properly written and managed then the risk of someone finding and abusing this, is very small (to give you an idea: this potential exploit remained 10 years undiscovered). HOWEVER, as soon as the exploit is found and fixed in open source software (which is the case for MapTool), anyone can check what has been changed in the code and immediately identify the exploit and use it!! So it automatically becomes a huge risk. Hence, it becomes our responsibility to mitigate this risk as much as possible, leading to this course of action.

Download link: https://github.com/RPTools/maptool/releases/tag/1.8.3

User avatar
lmarkus001
Great Wyrm
Posts: 1867
Joined: Sat Mar 29, 2008 12:30 am
Location: Layfayette Hill, PA

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by lmarkus001 »

Alas the installation is somehow broken.

After installation and launching MT for the first time, I go to Edit > Preferences. All of the Preferences tabs are grey and the last tab: Startup has information stating:

Activating Startup Preferences
MapTool is unable to copy the configuration file to the startup directory.
... lots more info about editing the MapTool.cfg file ...

If OK out and close, then on reload I get an error dialog. And at no time can I edit the cfg data using the Preferences dialog.

I have tried the exe and the msi in Windows.

User avatar
Azhrei
Site Admin
Posts: 12070
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Azhrei »

I presume you've already seen the discussion of this that Phergus posted on the Discord server. I'll recap it here for anyone not on Discord:

Startup Config for MT 1.8.3
Locate the maptool.cfg file under the app folder in your MapTool install directory. You can find the directory name by looking at the notes on the Preferences > Startup tab.

The following are examples. You shouldn't need to change ANY of them except for language for those in different locales, or if you had wildly different settings for your specific campaign. Be sure not to modify other settings. (If a setting isn't there and you want to add it, go ahead. Many may not be present in the default installation.)

Under [JavaOptions] you can add/set the following:

Code: Select all

-Xmx4G
- set max heap to 4G

Code: Select all

-Xms1G
- set min heap to 1G

Code: Select all

-Xss10M
- set stack size to 10M

Code: Select all

-Dsun.java2d.d3d=false
- disabled Direct3D

Code: Select all

-Dsun.java2d.opengl=true
- enable OpenGL

Code: Select all

-Djavafx.macosx.embedded=false
- initialize AWT before JFX (MacOS only)

Code: Select all

-Duser.language=en
- set MT locale to English

Other things to watch out for:
  • Using http will no longer work in campaign repositories; use https instead.
  • Some HTML markup isn't working and the general solution seems to be the addition (or removal) of extra quotes around element attributes (examples are primarily colors).
  • The code that checks GitHub for new versions may prompt over and over for you to update to v1.8.3. Just choose the "Skip this version" button.

slushbubs
Kobold
Posts: 3
Joined: Fri Feb 26, 2021 7:55 pm

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by slushbubs »

My Google Drive repositories for my campaign no longer seem to work. Is there an issue with repositories as a whole not working?

User avatar
Azhrei
Site Admin
Posts: 12070
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Azhrei »

No, not that I’ve seen reported. I presume the same URL still works in a web browser? (Although web browsers are more than just utilities to fetch web content...)

slushbubs
Kobold
Posts: 3
Joined: Fri Feb 26, 2021 7:55 pm

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by slushbubs »

Azhrei wrote:
Sat Feb 27, 2021 9:37 am
No, not that I’ve seen reported. I presume the same URL still works in a web browser? (Although web browsers are more than just utilities to fetch web content...)
yeah it still leads to the same place on the web. It's weird.

Big_Mac
Dragon
Posts: 631
Joined: Thu Aug 17, 2006 10:37 am
Location: Brockton, MA
Contact:

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Big_Mac »

Minor issue. I just install 8.3 and ran fine. The update check says there is a newer version. So I downloaded and installed and it came up with the same message. This is the Windows EXE file installed on Windows 10.
--
Big Mac

User avatar
Azhrei
Site Admin
Posts: 12070
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Azhrei »

slushbubs wrote:
Azhrei wrote:No, not that I’ve seen reported. I presume the same URL still works in a web browser? (Although web browsers are more than just utilities to fetch web content...)
yeah it still leads to the same place on the web. It's weird.
It's probably because of a redirect. As I said, the browser does a lot of work behind the scenes that most programming languages don't automatically take care of, such as following redirects.

Open it in a browser, then copy/paste the URL from the browser's address/location field as the campaign repository URL.
Big_Mac wrote:
Sat Feb 27, 2021 10:37 am
Minor issue. I just install 8.3 and ran fine. The update check says there is a newer version. So I downloaded and installed and it came up with the same message. This is the Windows EXE file installed on Windows 10.
You didn't read my post, did you? The last line addresses this. :)

Big_Mac
Dragon
Posts: 631
Joined: Thu Aug 17, 2006 10:37 am
Location: Brockton, MA
Contact:

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Big_Mac »

Um, nope! I trust the installers so I did not read all the way through :mrgreen: . Glad to know it's a known thing. 8)
--
Big Mac

slushbubs
Kobold
Posts: 3
Joined: Fri Feb 26, 2021 7:55 pm

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by slushbubs »

Azhrei wrote:
Sat Feb 27, 2021 2:06 pm
slushbubs wrote:
Azhrei wrote:No, not that I’ve seen reported. I presume the same URL still works in a web browser? (Although web browsers are more than just utilities to fetch web content...)
yeah it still leads to the same place on the web. It's weird.
It's probably because of a redirect. As I said, the browser does a lot of work behind the scenes that most programming languages don't automatically take care of, such as following redirects.

Open it in a browser, then copy/paste the URL from the browser's address/location field as the campaign repository URL.
Big_Mac wrote:
Sat Feb 27, 2021 10:37 am
Minor issue. I just install 8.3 and ran fine. The update check says there is a newer version. So I downloaded and installed and it came up with the same message. This is the Windows EXE file installed on Windows 10.
You didn't read my post, did you? The last line addresses this. :)
\

So I've tried multiple cloud sharing applications now and they are all giving me an error.

User avatar
Azhrei
Site Admin
Posts: 12070
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Azhrei »

slushbubs wrote: So I've tried multiple cloud sharing applications now and they are all giving me an error.
Well, I guess the last option then is to post the link here and let the community help figure out what's going wrong. (Note that some cloud storage sites require the URL to change, such as DropBox requires the use of dropboxusercontent.com and the query string changes from "dl=0" to "dl=1", IIRC.)

User avatar
Full Bleed
Demigod
Posts: 4608
Joined: Sun Feb 25, 2007 11:53 am
Location: MD
Contact:

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Full Bleed »

lmarkus001 wrote:
Wed Feb 17, 2021 4:06 pm
Alas the installation is somehow broken.

After installation and launching MT for the first time, I go to Edit > Preferences. All of the Preferences tabs are grey ...
Azhrei wrote:
Wed Feb 17, 2021 6:34 pm
I presume you've already seen the discussion of this that Phergus posted on the Discord server. I'll recap it here for anyone not on Discord:

Startup Config for MT 1.8.3
Locate the maptool.cfg file under the app folder in your MapTool install directory. You can find the directory name by looking at the notes on the Preferences > Startup tab.
Seems like this info should be posted more prominently somewhere on the main RPtools website or here as it's still an on-going issue in 1.8.5.
A link to it for each new version that's released with the issue would probably be a good idea, too.
-Xms1G

- set min heap to 1G
Is this a suggested amount now? Historically, I've seen much lower numbers... and I've set this to something very low like 64M... not 25% of Max.
-Xss10M

- set stack size to 10M
And this is also much higher than I've typically done. Almost to the level where it used to be problematic for some low mem users. The only framework I can remember needing this high was Rumbles', iirc. And I've typically used something like 4-5M without issue.

Is a 10M stack now a more expected starting point?

Just trying to figure out if there are some new standards with all the new capabilities...
Maptool is the Millennium Falcon of VTT's -- "She may not look like much, but she's got it where it counts."

User avatar
Azhrei
Site Admin
Posts: 12070
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Azhrei »

Full Bleed wrote:
Tue Apr 20, 2021 5:29 pm
Seems like this info should be posted more prominently somewhere on the main RPtools website or here as it's still an on-going issue in 1.8.5.
Done. Check out the updated wiki page and see what you think. I basically copied Phergus' notes from Discord and cleaned them up a bit for wiki formatting. I also updated the Release page (with the downloads) so it references that same wiki page.
- set min heap to 1G

Is this a suggested amount now? Historically, I've seen much lower numbers... and I've set this to something very low like 64M... not 25% of Max.
Craig believes that there's no benefit to setting a smaller number and letting it incrementally increase until it hits the maximum — just start with the maximum as the minimum. There is some basis for this as a single large allocation may be more efficient for the operating system, and it guarantees that MapTool doesn't suddenly run out of memory at some future time (probably in the middle of a game session!).

In the end, it's up to you obviously, but it's probably the safest route.
- set stack size to 10M

And this is also much higher than I've typically done. Almost to the level where it used to be problematic for some low mem users. The only framework I can remember needing this high was Rumbles', iirc. And I've typically used something like 4-5M without issue.

Is a 10M stack now a more expected starting point?
As you pointed out, it depends on the framework. There are some pretty sophisticated FWs out there now and if we are expected to provide a number that works for everyone, then...?



<aside>
One of the things I hate most about Java is the antiquated memory management in terms of playing nicely with the rest of the OS. I understand why it was done that way, but I don't have to like it.
</aside>

User avatar
Full Bleed
Demigod
Posts: 4608
Joined: Sun Feb 25, 2007 11:53 am
Location: MD
Contact:

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Full Bleed »

Azhrei wrote:
Tue Apr 20, 2021 6:57 pm
Full Bleed wrote:
Tue Apr 20, 2021 5:29 pm
Seems like this info should be posted more prominently somewhere on the main RPtools website or here as it's still an on-going issue in 1.8.5.
Done. Check out the updated wiki page and see what you think. I basically copied Phergus' notes from Discord and cleaned them up a bit for wiki formatting. I also updated the Release page (with the downloads) so it references that same wiki page.
Thanks.
Craig believes that there's no benefit to setting a smaller number and letting it incrementally increase until it hits the maximum — just start with the maximum as the minimum. There is some basis for this as a single large allocation may be more efficient for the operating system, and it guarantees that MapTool doesn't suddenly run out of memory at some future time (probably in the middle of a game session!).

In the end, it's up to you obviously, but it's probably the safest route.
Ok. I'll just start suggesting that players set both Min and Max to be 25% of their system memory. I think MT does have a Max default now that's based on system... perhaps it should also just set Min to Max now.
- set stack size to 10M

And this is also much higher than I've typically done. Almost to the level where it used to be problematic for some low mem users. The only framework I can remember needing this high was Rumbles', iirc. And I've typically used something like 4-5M without issue.

Is a 10M stack now a more expected starting point?
As you pointed out, it depends on the framework. There are some pretty sophisticated FWs out there now and if we are expected to provide a number that works for everyone, then...?
I wish there was some way in MT to see what stack was needed/being used for a particular framework. Figuring this out seems like a guessing game. With my framework I had everyone using 4M with no problem... all except for one guy. I think he threw stack errors on 4 and 5 and I had him at 6... but I always wondered if he had something else running on his system that caused that since no one else ever had an issue (myself included who, I assume, is probably running the most memory intensive actions far more often.)
<aside>
One of the things I hate most about Java is the antiquated memory management in terms of playing nicely with the rest of the OS. I understand why it was done that way, but I don't have to like it.
</aside>
Yeah, fortunately, the days of 1 and 2G 32 bit systems are of the past... and 8G+ systems seem to be more the norm leaving plenty for both the system and the most demanding MT frameworks. But the java memory voodoo has always been a bit of a bother.
Maptool is the Millennium Falcon of VTT's -- "She may not look like much, but she's got it where it counts."

User avatar
Azhrei
Site Admin
Posts: 12070
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: MapTool 1.8.3 Released [ALL PREVIOUS VERSIONS WILL STOP WORKING!!]

Post by Azhrei »

Full Bleed wrote:
Wed Apr 21, 2021 12:21 am
Yeah, fortunately, the days of 1 and 2G 32 bit systems are of the past... and 8G+ systems seem to be more the norm leaving plenty for both the system and the most demanding MT frameworks. But the java memory voodoo has always been a bit of a bother.
And MT now generates more threads than it used to — the auto-pathing spans four threads by itself, and the various HTML5-capable stuff creates at least one thread, possibly more depending on what's going on inside. While a 10M stack is small compared to 2G of max heap, it adds up when you've got 20-25 threads going. And it's really only the parser that needs that space anyway, but there's no way to set the value for just a single thread. :(

Post Reply

Return to “Announcements”