News
(posted by: heinrich5991) | 2016-11-13
As with the 0.6.3 release, a reported security vulnerability motivated this release. This time the vulnerability is worse: attacker-controlled memory writes and possibly arbitrary code execution on the client, abusable by any server the client joins.
The changelog:
Bug fixes
- Fix the above-mentioned security vulnerability in the client (ff25472).
- Fix a read of uninitialized memory on the server, the contents of which were sent over the network (7dd463d).
- Fix overlong UTF-8 sequences being decoded to valid code points, which could lead to duplicate names (#1373, 205dbce).
- Drop connected packets that come from a formerly connected server in the client (#1356, 2057808).
- Use a different port for connless messages, increasing the difficulty of successful IP spoofing (7c43b76).
- Make spoofing of server info packets harder (8af77b6).
- Fix spoofing for vital chunks, and require most chunks to be vital (f457b58).
Other changes
- Sort by player count by default, instead of server name (1b2a91f).
- Add a cooldown on unpause (#1365, 56e366a).
Go download it now!