From what we currently know a developer found a serious bug in Minecraft some time during 2013, this bug could be used to crash any server by sending it a specially crafted packet that would consume huge amounts of ram and processing power to process but only a tiny amount to create and send to the server.

This bug should have been an easy enough fix, reasonable limits on the complexity of NBT objects or even disabling the ability for clients to send random NBT objects as their use cases are limited enough that replacing them with a much less vulnerable method of transferring data would be feasible.

Regardless of both of these realities Mojang has, after two years, not patched the issue in any capacity which lead to today’s 0-day disclosure of the bug to the public.

A fix for this issue will have to occur at the Spigot level or lower. Spigot has already released their patch. This leaves us with two options, accelerate our movement to 1.8 or attempt to backport Spigot’s fix to our own version.

Backporting the fix to the new spigot version does not look like it will be too difficult, but its possible complications will arise, for the time being be prepared for the server to go down at any moment and stay down for up to a day or two while we sort out backporting the fix or updating to 1.8.

In the meantime I will be accepting votes as to the best alternate game to host on the Civcraft server, traditional Map rotation TF2, maybe we could play around in Minetest, all suggestions are welcome.

Edit: Most major servers are either down or patching as we speak, in an effort to prevent corruption civcraft is going to go down until we have a fix.

Edit2: TF2 and Gmod servers are up.