promotional bannermobile promotional banner

OPShield

Protects your server from OP/admin abuse with console-only OP (via password) and optional admin command restriction.
Download

File Details
Download

opshield-1.5.0.jar

ByDuong2012G
  • R
  • Apr 20, 2026
  • 35.27 KB
  • 11
  • 1.21.11+11

File Name

opshield-1.5.0.jar

Supported Versions

  • 1.21.11
  • 1.21.10
  • 1.21.9
  • 1.21.8
  • 1.21.7
  • 1.21.6
  • 1.21.5
  • 1.21.4
  • 1.21.3
  • 1.21.2
  • 1.21.1
  • 1.21

[1.5.0] — 2026-04-19

Bug fixes

Medium severity

  • sensitiveCommandHistory now persisted to data.yml — the auto-punishment rolling window survived previously only in memory, allowing players to bypass the threshold by timing restarts or crashes. Timestamps are now written on every dirty flush and restored on startup; stale entries outside the configured window are discarded automatically on load.
  • Shadow-ban level escalation is now enforcedplayerShadowBanLevel was incremented and stored but never acted upon. A new config key shadow_ban.auto_punish_level (default 3) defines the threshold at which the level triggers real auto_punishment and then resets. Requires auto_punishment.enabled: true.
  • Firewall script no longer blocks the main threadexecuteFirewallBlock previously called Runtime.getRuntime().exec() synchronously, which could freeze the server if the script was slow. It now runs asynchronously via ProcessBuilder with a configurable hard timeout (auto_punishment.firewall_timeout_seconds, default 10). The player is kicked immediately on the main thread; the OS script executes in the background.

Low severity

  • unlockIdentifier() now clears sensitiveCommandHistory — previously, /opshield unlock cleared all other tracking maps but left sensitiveCommandHistory intact, causing inconsistent state after a manual unlock.
  • getMsgPlain() replaced fragile color-strip logic — manual replace('&X', "") calls missed several color codes and decorators. Now uses Adventure's PlainTextComponentSerializer for correct, future-proof plain-text extraction.
  • Multi-file audit log rotationAuditLogger previously kept only one backup file (audit.log.1), permanently overwriting it on every rotation. Rotation now shifts files: audit.log.1audit.log.2 → … → audit.log.N. Controlled by audit.log_retention (default 3).
  • Config validation for auto_punishment.command — an unrecognized mode with no custom_command set now prints a clear console warning on load and reload instead of silently falling back to a potentially unexpected behaviour.

New config keys

Key Default Description
shadow_ban.auto_punish_level 3 Shadow-ban level threshold that triggers auto-punishment
audit.log_retention 3 Number of rotated audit log backup files to keep
auto_punishment.firewall_timeout_seconds 10 Max seconds before a hung firewall script is force-killed