"Failed to connect - Outdated server!" intentional due to Heartbleed?

[freecomkcf]

i probably don't need to explain the Heartbleed bug to all of you, but for those who are too lazy to Google it, basically "2/3rds of the Internet" is now compromised because of a computer science 101 coding mistake in OpenSSL, a widely-used security library.

 

is the downtime in response to this security incident? i hope it is, because i'm getting sick and tired of changing passwords right now lol

[brianherman]

Are you using 1.7.6 or 1.7.7 because I don't think those are compatible with the server.

[roastnewt]

No, it's not.  Minecraft version 1.7.7 was released today, and your client must've automatically updated.  The nerd servers have not yet updated, so 1.7.6/1.7.7 clients cannot connect.  If you want to connect to the nerd servers, you'll have to downgrade to 1.7.5 at least.

Edited April 10, 2014 by roastnewt

[freecomkcf]

No, it's not.  Minecraft version 1.7.7 was released today, and your client must've automatically updated.  The nerd servers have not yet updated, so 1.7.6/1.7.7 clients cannot connect.  If you want to connect to the nerd servers, you'll have to downgrade to 1.7.5 at least.

hm... well doing that will just defeat the purpose of me even changing my Minecraft password, so i think i can hold off for a bit

[coolgamerovr90]

Never heard of "HeartBleed", most of the sites I go to use Microsoft's IIS SSL, so that's probably why

[Elephant Parade]

hm... well doing that will just defeat the purpose of me even changing my Minecraft password, so i think i can hold off for a bit

Uh, would it? I'm pretty sure that passwords have nothing to do with the game version. Passwords are probably launcher/server-based, which has nothing to do with the actual game version.

[freecomkcf]

Uh, would it? I'm pretty sure that passwords have nothing to do with the game version. Passwords are probably launcher/server-based, which has nothing to do with the actual game version.

in any case i haven't been playing minecraft much anyway because of lack of interest, college and dark souls 2 lol

 

but on a more serious note i'm just being cautious, for all i know pre 1.7.7 probably uses pre 1.0.1g OpenSSL

[Elephant Parade]

in any case i haven't been playing minecraft much anyway because of lack of interest, college and dark souls 2 lol

 

but on a more serious note i'm just being cautious, for all i know pre 1.7.7 probably uses pre 1.0.1g OpenSSL

It shouldn't. The actual game doesn't use OpenSSL. The launcher and/or the servers use OpenSSL, but the game does not.

[freecomkcf]

It shouldn't. The actual game doesn't use OpenSSL. The launcher and/or the servers use OpenSSL, but the game does not.

uh... isn't that kinda the whole point of updating the launcher in the first place? can't get to the game without signing in to the launcher, and if it's using heartbleed-vulnerable OpenSSL then... yeah. heartbleed is client-side as well as server-side.

[erdtzac_]

It's the game itself, not the launcher, that got updated. The vulnerability mentioned exists (e: used to exist) in server-side software and has nothing to do with your client.

Source: http://minecraft.gamepedia.com/Minecraft_launcher#History

Edited April 10, 2014 by erdtzac_

[totemo]

Would it be worth pinning a short post on connection issues at the top of the Problems & Issues forums section?

 

The post could cover:

• client updating (protocol changes), the current server versions and what clients are therefore able to connect (this text to be updated when the server updates).
• problems with Mojang's login and session servers, with a link to http://xpaw.ru/mcstatus/

That post would also be linked under the heading Connecting, subheading Problems? in the sidebar of the subreddit.

[Pyr0mrcow]

Definitely, good to have some sort of general info available to cover basic questions. Lot of servers do it in banners, but depending on if you've got a graphics guy or not that could be annoying to keep updated, heh.

[goldieboo]

When are the servers going to be updated?