List of Known Exploit Fixes - SWG-Source/swg-main GitHub Wiki
(c2833484 and 61070d8b (later adjusted via e11d527b)) Addresses a vulnerability in which a controller message sent from the client could delete any game object without server-side validation.
(65977703 and 8ed0a7cb) Addresses a vulnerability in buyback container item transfers.
(23c8f343) Addresses a scripting issue that created a vulnerability in certain client-side admin commands.
(f8a5b050) Adds an additional level of validation to container-opening admin commands.
(62edbcf6) Blocks using /open on a crafting tool to get generated items prior to completing the crafting process.
(315e1d53 and 6aa96f00 and b3d51a77) Addresses an exploit where stackable items could be sold to a junk dealer while in the player's toolbar and then unintentionally retrieved from the buyback container by clicking the item in the toolbar, allowing a loop of selling and buying back the item.
(e5c9ef5b (later adjusted via e5536f68)) Fixes an exploit that allows a player to loop the /examine command to speed hack, accelerating their movement.
(fb0b6407) Fixes an exploit that allows any Jedi Profession to request a robe from a Force Shrine if they don't have one in their inventory. The common exploit tactic involved requesting a robe, selling it to a junk dealer, and repeating.
(0b7ba4c7) Disallows auctioning an item that isn't contained by a player to fix an exploit that allowed players to sell an item to the Bazaar and a Junk Dealer in close succession.
(d9ff25d0) Fixes an exploit that sometimes allowed non-admin players to execute certain console admin commands.
(e1268bc8) Corrects a bug that could be exploited to get behind certain collidable objects.
(36785b34) Adjusts how isGod checks are validated for additional security around parsing admin commands.
(b81ee4db (later adjusted via 39d77b6f)) Forcefully disconnects clients that attempt to send unauthorized controller messages, to prevent unintended communication.