Three denial of service attacks (or accidents)
have been fixed. Forged
clients could crash or freeze a server by sending
wrong data that was
left unchecked, and a clumsy remote administrator
could freeze the
server by entering commands that produce too much
fixes all of that.
Some smaller improvements and bugfixes went into this release. Console and chat now have a history function, spectators are now visible to other players and can chat and be kicked, and team management has been sanitized a bit.
Some bugs of lesser importance have been fixed
since 0.2.8.1. Under rare circumstances, cycles
could pass through each other's trail, for
example. New features include a history for the
chat and console input fields, the ability for
spectators to be seen and to chat with each other,
some rudimentary control of players over the team
formation using chat commands, and more tricks for
the cycle trail length.
Two security fixes were made since 0.2.8.0_rc4: A
malicious server administrator was able to inject
files in arbitrary positions on connecting
clients, provided there was no file there
initially; and a malicious remote server
administrator, often chosen to be an ordinary
player, could read arbitrary files partially.