Serious vulnerabilities should be reported in private. The project will follow the patches and improvements applied by the source project.

This page will be updated with any notices about security issues in BungeeGuard.

• v1.2.0 released which fixes a security issue in the BungeeGuard Spigot plugin.
• The issue allowed malicious users to bypass BungeeGuard's authentication checks.
• All releases prior to 1.2 are affected.

• v1.4.6 released which fixes a security issue in the BungeeGuard BungeeCord plugin (upstream).
• An issue introduced in BungeeCord build 1756 caused the BungeeGuard token to be leaked to players using Minecraft 1.20.2 or higher via the LoginSuccess packet.
• This issue only affects BungeeGuard setups using BungeeCord, it does not affect Velocity proxies.
• Affected users are recommended to update to BungeeGuard v1.4.6 or later on their proxy, and rotate their BungeeGuard tokens.