v5 Changelog

In this build

• Performance optimizations

• New Word & Phrase Filter 'multi-message-scan' option enabled by default, that in addition to scanning each message individually, merges user's recent messages and scans them as one to combat evasion by splitting blocked entries into multiple messages

• New Word & Phrase Filter 'bidirectional-scan' option enabled by default, that in addition to regular message processing, processes all blocklist entries (except regex:: entries) that are >= 4 chars in reverse to combat evasion by writing blocked entries backwards

• Fixed a bug that could cause messages to fail to be cancelled when they were blocked by the Word & Phrase Filter under certain circumstances

• Reorganized Word & Phrase Filter config layout

In this build

• New 'quiet-startup' config option (false by default) that makes ChatSentry's startup less verbose in the console

• Corrected an issue with Chat Executor logic flow that made only one flagged entry (if multiple) warn the user and send an admin notification (if no {dont_notify} was present on the entry)

• Fixed Anti Chat Flood max word length trigger failing to call an API ModuleTriggerEvent

• API version 1.1.0 is now released and makes ModuleTriggerEvent cancellable. * You can download the updated API jar here * View the API Docs here

In this build

• Fixed an issue that caused the Word & Phrase Filter to still auto warn when censored in some instances for entries with no modifier, even when autowarn-when-censored = false

• As anvils, signs, and books do not support the Word & Phrase Filters censor (detections are always fully blocked, not edited), send-block-message-when-censored is now always true under those contexts to ensure there is feedback to the user instead of silently blocking what would be censored chat/command content, in the case that send-block-message-when-censored = false. This keeps behavior consistent across contexts to ensure a block message appears to the user when their content is fully blocked.

• Refactoring & improvements to Unicode Remover logic

• Fixed the Unicode Remover flagging hex/colorcodes in some contexts

• Fixed inconsistent character whitelist behavior in the Unicode Remover

• A list of the modules overriding bypass permissions (override-bypass-permissions in main config) now appears in /chatsentry info

• All enabled modules that support more than one context now show the contexts that are enabled for them as well in /chatsentry list

• Slightly new styling for /chatsentry help and /chatsentry info

This update fixes an issue with module contexts resetting after server restart on plugin versions 5.8.0-PRE & 5.8.1. All users are recommended to update to this version and verify that their module contexts are properly enabled if updating from version 5.8.0-PRE or 5.8.1. ​ In this build

• Fixes an issue with 5.8.0 config migration rerunning on 5.8.0-PRE and 5.8.1, causing module contexts to reset on every server reboot.

• If your config is detected as affected, an alert will display to operators on join to notify you that modules are enabled but all their contexts are disabled.

In this build

• New 'truncate-unsafe-chat' main config option, enabled by default that determines whether unsafe player chat exceeding the vanilla length limit should be truncated. A recent vulnerability allows certain servers to accept command packets with lengths far past the reasonable 256 limit, up to 65,536 characters long per command. It's recommended to keep this enabled, as extremely large inputs can be disruptive and cause crashes or issues with other plugins.

This is a pre-release This release includes large code changes. While tested, edge-case bugs may exist. Backing up your config files and databases, or waiting for a stable build, is recommended in the rare case issues occur during migration. ​ In this build

• Enabled contexts can now be individually configured on a per-module basis instead of globally in the main config. Contexts can be managed under each module where they are enabled. This allows for more granular control of enabled filters in each context. Your configuration and preferences will be migrated automatically.

• Module config toggles now have their own module-name sections, with an enabled toggle and context toggles (if the module supports multiple contexts), replacing the old enable-module-name nodes. Your configuration and preferences will be migrated automatically.

• Updated main config and module config comments as necessary to reflect the changes in context control

• Major Word and Phrase Filter improvements and optimizations

• Exposed the new recursion depth limit in config.yml, under a new Advanced section at the bottom. This value defines the maximum number of recursive string processing operations that may run for a single input. If the limit is exceeded, processing is terminated and the message is fully blocked. This guards against potential StackOverflow errors before they happen and avoids wasting compute on redundant processing.

• Fixed lockdown kick messages failing to read from lang.yml

• Fixed Anti Statue Spambot ModuleTriggerEvent calling prematurely, resulting in it still calling even if the executed command was whitelisted

This is a pre-release This release includes large code changes. While tested, edge-case bugs may exist. Backing up your config files databases, or waiting for a stable build, is recommended in the rare case issues occur during migration. In this build

• Resolved potential for DataTruncation errors during database writes

• MySQL/SQLite schema updates and improvements. Migration of old data occurs automatically

• Corrected inconsistencies between MySQL and SQLite data types and capacities to be 1:1

• Implemented regular expression recursion tracking and gating to all operations across all modules to prevent stack overflows and crashes when processing extremely large inputs. In the case recursion depth is exceeded, the event is blocked/canceled fully to prevent unfiltered content from passing through

• Violation lookups now run fully async to prevent disrupting performance with large indexes

• Word and Phrase Filter improvements

In this build

• Added 52 missing ASCII lookalike unicode characters to the Unicode Remover's compatibility mode

• Improvements to the Link & Ad Blockers disallowed link/domain detection capabilities

• Fixed the Link & Ad Blocker throwing ArrayIndexOutOfBoundsException when a message with a disallowed link/domain contained an additional slash surrounded by spaces (" / ")

In this build

• Fixed a performance vulnerability with the Word and Phrase Filter that could trigger a StackOverflowError under some circumstances

• Significantly improved Word and Phrase Filter whitelist handling, as well as other input processing

• Fixed StringIndexOutOfBoundsException occurring with command inputs under some conditions

In this build

• Updated to the most recent TLD list from IANA (v2025082100 Aug 21)

• Fixed ArrayIndexOutOfBoundsException occuring from the Link and Ad Blocker when certain characters appeared before links

• Fixed module bypasses using certain characters in Chat Cooldown, Word and Phrase Filter, and Link and Ad Blocker

In this build

• Updated to the most recent TLD list from IANA (v2025052200 May 23 25)

• Optimized Auto Punisher auto warning expiry scheduling

• Improvements to Link and Ad Blocker's accuracy

• Fixed a StackOverflowError case with particular character sequences in the Word and Phrase Filter

In this build

• Updated to the most recent TLD list from IANA (v2025022700)

In this build

• Updated to the most recent TLD list from IANA (v2024091000)

• Fixed Anti Chat Flood counting colorcodes in max word length

• Improvements to the Word & Phrase Filter and Link & Ad Blocker

This release is a continued patch from config sync exploit. It is advisable for all servers to update to this release ASAP.​ In this build

• Prevents Auto Punisher executing various malicious commands used in the exploit. Please review your auto punisher file to ensure no unauthorized modifications have been made to punishment commands.

• Fully deregistered all Bungee messaging channels from ChatSentry.

This release patches a newfound critical exploit using ChatSentry configuration syncing. A full fix is in the works, but in the meantime this feature has been disabled for security. If you are a network please update to this build ASAP. ​ In this build

• Temporarily disable exploitable network features while a fix is developed.

In this build

• Support for MC 1.21. Please report any issues to my support Discord, thank you and enjoy!

• Updated to the most recent TLD list from IANA (v2024061600 Jun 16 24)

In this build

• Explicit support for MC 1.20.6. Please report any issues to my support Discord, thank you and enjoy!

In this build

• Resolved an update checking issue present in 5.5.7

• Improved sign and anvil listener compatibility

In this build

• Explicit support for MC 1.20.5. Please report any issues to my support Discord, thank you and enjoy!

• Updated to the most recent TLD list from IANA (v2024042700)

In this build

• Patches a critical issue. All users should update on all Spigot servers (proxy is not required)

• Minor improvements to the Word & Phrase Filter, Spam Blocker, and Link and Ad Blocker

• New {CONTENT} placeholder for Auto Punisher command actions that returns the players full message that triggered the auto punisher warning

In this build

• Minor patch fully removing some debug messages from the last release

In this build

• Fixed various bypasses and edge cases with the Word & Phrase Filter. Bypasses for particular kinds of entries could be spammed and cause the server to become overloaded, so it's recommended you update to this release sooner than later

• Substantial improvements to the accuracy and reliability of the Word & Phrase Filter censor

• New per context partial bypass permission for the Word & Phrase Filter "chatsentry.wordandphrasefilter.partialbypass.<context>" where <context> represents the context to apply the partial bypass, ex. chat, command, sign, etc. This permission bypasses all blocked entries APART from entries with the 'nocensor::' modifier (This modifier is intended to represent entries that should be blocked entirely instead of just censored, but it is also usable even if the censor is disabled). This is useful if you wish to allow users to write some blocked entries freely in commands or another context that would otherwise be censored (or blocked if the censor is disabled). It's important to distinguish this permission from the standard bypass permission, "chatsentry.wordandphrasefilter.bypass" that fully bypasses the module, including 'nocensor::' entries

• Fixed Unicode Remover with compatibility mode disabled incorrectly flagging certain content in chat and commands

In this build

• Updated to the most recent TLD list from IANA (v2024021100)

• Resolved various Link and Ad Blocker false positives

• Resolved various Word and Phrase filter bypasses related to censor failures

• If an exception occurs during censoring, the Word and Phrase Filter now blocks the entire message from being sent

• New 'ignore-usernames' option in the Link and Ad Blocker that when enabled removes usernames from the input message before the module checks for links. Useful if player names can contain periods or other special characters in your server.

• Fixed the anvil processor removing formatting on item names when it flags a module

• The command processor now listens on the earliest priority to have a better chance of compatibility with other plugins listening on command preprocess

• Word and Phrase Filter's substitution intelligence no longer applies to commands to prevent accidental conflicts with command arguments

In this build

• Accuracy improvements to the Spam Blocker's singular message spam processor

• Chat Executor now uses a more reliable context processing method

• Fixed a stack processing issue that made Chat Executor set-matches-as flags be unreliably respected

• Fixed Chat Executor API trigger event calling when no patterns matched

• Fixed Chat Executor sending Discord Notifier notifications regardless of {dont_notify} flags

• Fixed global admin notifier notifications not respecting players with notifications toggled off

• Updated to the most recent TLD list from IANA (v2023120200)

In this build

• Fixed Chat Executor set-as modifiers appearing in the result message

In this build

• Fixed 400 bad request error when using DEFAULT for the footer-icon option in Discord Notifier

• Fixed an issue with Unicode Remover not respecting ignored characters

• Fixed override bypass perm option for Unicode Remover not working for signs

In this build

• Patches a critical issue. All users should update on all servers, including the proxy if a network

• Fixed startup error on some configurations related to Discord Notifier

• Fixed an issue related to the sign listener that caused false positives with certain styling

In this build

• Fixed potential module startup issues with certain configurations

• Resolved an issue with lockdown modes not reading or writing to the config properly

In this build

• The Link & Ad Blocker module is now utilizing the latest TLD list from IANA (v2023110200)

• Players now require the 'chatsentry.manualwarnings.see' permission in order to see manual warning broadcasts

• Discord Notifier footer text and image icon can now be configured in the modules config using footer-text and footer-icon options.

• Fixed Chat Executor player message or broadcast message actions appearing before the players chat message in chat

• Fixed potential StackOverflowError from the Word and Phrase Filter when filtering commands under rare circumstances

In this build

• Dependency updates to fully support 1.20.2

In this build

• New outside-embed-content config options for Discord Notifier notifications that let you ping users/roles or add other text to be sent before the embed

• Various improvements to event handling aimed to increase compatibility with other plugins doing similar things

• The Link & Ad Blocker module is now utilizing the latest TLD list from IANA (v2023091800)

In this build

• Fixed multiple issues with the unicode remover improperly processing content and sending invalid admin notifier notifications

• Improvements to the link & ad blockers accuracy to further reduce false positives

• Updated to the most recent TLD list from IANA (v2023090200)

• Minor improvements to various default module configs for out of box functionality

In this build

• New 'respect-cancelled-events' option in the main config that determines whether ChatSentry should process chat, command, anvil, sign, etc. events that are cancelled/prevented by other plugins. This is enabled by default. Generally, you should only disable this if you have issues with compatibility with other plugins or want ChatSentry auto punisher warnings to continue to accumulate even when players are muted by another plugin

In this build

• Fixed issue with unicode removers ignored-chars not being respected

• Fixed an issue with the word and phrase filter that let players bypass the filter by adding non-alphanumeric characters before their message

• Updated to the most recent TLD list from IANA (v2023082100)

HOTFIX #1:

• Fixed debug messages from the unicode remover appearing

In this build

• Fixed an issue that caused messages with color in them to trigger the unicode remover under some configurations

• The unicode removers config option ignored-unicode-characters now uses a regular yaml list format. Existing configs should not be affected

• Fixed {NL} newline symbol not working in global admin notifier messages cross server

• Updated the top level domain list utilized by the Link & Ad Blocker's only-filter-tlds option to the most recent version from IANA (2023080800, Aug 8 23)

In this build

• Fixed an issue with Russian characters being caught by unicode remover on compatibility mode

• Chat listener adjustments for increased compatibility with other chat plugins

• Fixed an issue with the unicode remover sending invalid sign admin notifications

• Added a new chatsentry.thankyoumsg permission that may be exempted to prevent the initial installation Thank you pop up message to ops from being shown. This is only useful for select circumstances where you may be creating many servers with a fresh ChatSentry installation and do not want to have to run /kcs hidemsg on each

This update contains a critical patch to the unicode remover module’s compatibility mode on 1.20.x servers. It's advisable to update as soon as possible if you are running or plan to run 1.20.x and use the unicode remover.​ In this build

• 1.20 adds support for a much wider range of unicode. Unicode removers compatibility mode has been updated with further A-Z lookalike characters, now checking against 1,953 total characters.

• ChatSentry should now respect mutes and not process the cancelled message through modules

• Updated to the most recent TLD list from IANA (v2023072502)

HOTFIX #1

• Unicode removers compatibility mode now properly reads unicode characters outside the Basic Multilingual Plane

HOTFIX #2

• Fixed a typo in the first start start thank you message

In this build

• Support for Minecraft 1.20

In this build

• Fixed a typo in the footer of discord notifications

In this build

• Fixed chat executor firing if another module blocked the message

• Increased the leniency of the ignore-short option in anti parrot

• Adjusted footer text in discord notifications

• Updated to the most recent TLD list from IANA (ver 2023053100). XN-- domains were omitted

• Potentially increased compatibility with other chat plugins doing similar things

• Fixed modules firing for muted players, this should be compatible with most chat plugins that listen to and cancel the event on first (LOWEST) priority (ChatSentry listens on LOW)

• Fixed {NL} not working in console on admin notifier messages

In this build

• Various minor optimizations, some tasks have been moved off the main thread

In this build

• Fixed an issue that caused BungeeCord support to fail to initalize. You will have to update the plugin on the proxy & individual servers

• Improvements to Link and AD Blocker's extra sensitivity mode. It is still not recommended unless you deal with excessive advertising due to its high false positive rates

• Updated to the most recent TLD list from IANA (ver 2023020400). XN-- domains were omitted

• Fixed StackOverflowError in Word & Phrase Filter when attempting to censor messages that began with an exclamation point

In this build

• Fixed an issue where the Link & Ad Blocker would block whitelisted domains/links with https

• Updated to the most recent TLD list from IANA (ver 2022112300). XN-- domains were omitted

• Fixed an issue where auto punisher warning expiry in mass amounts would cause the server to hang

• Patched rare database disconnect issue

• Code cleanup & performance improvements

In this build

• Significant code cleanup & optimizations

Additions

• 1.19 support

Improvements

• Link & Ad Blocker improvements & false positive fixes

Improvements

• Link & Ad Blocker improvements & optimizations

Fixes

• Resolved auto grammar incorrectly capitalizing two letter words at the start of messages

Improvements

• Resolved additional Link & Ad Blocker false positives in relation to extended period use

• Updated to the most recent TLD list from IANA

• Modified the TLD list to exclude especially uncommon tlds for better module accuracy

• Added 6 additional default whitelisted domains most servers would likely allow to the Link & Ad Blocker configuration for a better setup experience for this module

Improvements

• Resolved numerous Link & Ad Blocker potential false positives

• Various code optimizations

Improvements

• Fixed the Link & Ad Blocker failing to respect whitelisted domains if they included a protocol

Improvements

• The Word & Phrase Filter will no longer to attempt to censor segments over 15 characters to prevent excessive resource usage, as the longer the input the more work the plugin has to do to analyze the content

Fixes

• Fixed potential StackOverflowError related to the Word & Phrase Filter censor caused by very short blocked entries

Additions

• New 'notify-when-censored' option added to the Word & Phrase Filter's censor options. This option determines whether the module should send Admin Notifier notifications when a message is censored. When set to false false notifications will only be sent when the censor fails to censor a message and has to block it entirely, or a nocensor:: entry is triggered. This option requires the Admin Notifier module to be enabled to take effect.

Improvements

• Improvements to the Word & Phrase Filter's censor. Symbols embedded within blocked entries can now be processed by the censor, reducing the rate the censor fails and has to block a message entirely

• Improvements to the Word & Phrase Filter's partially-censor options internals. Fixed the potential for the module censoring extra parts of detected messages unrelated to the actual censored content

• Improvements to the Link & Ad Blocker's subdomain detection. Links with any amount of subdomains are now supported instead of just one subdomain

Fixes

• Fixed the Link & Ad Blocker failing to detect links that started with a slash (ex. 'example message /google.com')

• Fixed the Link & Ad Blocker failing to detect links with ports (ex. 'some.domain:25565')

Additions

• New 'block-singular-message-spam' option for the Spam Blocker that lets the module block on a message-by-message basis messages that are likely be spam. Ex. players repeating the same or similar word or phrase over and over in the same message. Messages are determined as spam using a newly developed algorithm that takes character sequence repetition, word diversity, and character diversity into account. This option comes with a 'singular-message-spam-processor-sensitivity' sub-option that determines how sensitive the singular message spam component should be. Though new, this feature has been tested across thousands of production server chat messages and is considered stable. If you encounter any issues, please report them

• New Spam Blocker lang message 'singular-message-spam-trigger' that shows when a singular message is flagged as spam by the module

Fixes

• Fixed the sign listener removing colorcodes from signs

• Fixed potential for a SQL error when logging certain content

• Fixed {PLAYER} placeholder in the Anti Relog Spam module failing to parse

In this build

• Potentially fixed EOFException related to network sync

• Fixed potential NPE caused by ignored unicode char processing