Bug Fix: We have resolved a security vulnerability where players could exploit the system if the plugin detected 127.0.0.1 or a local IP address.

Previously, a local IP detection could allow the automatic login bypass to trigger incorrectly. This has been fixed: the bypass mechanism is now strictly disabled for 127.0.0.1 and all local loopback addresses to ensure player authentication cannot be spoofed.

Security Warning: If running behind a proxy (Velocity/BungeeCord), you must configure IP forwarding properly. If the plugin detects 127.0.0.1 as the player's IP, automatic login will now fail completely for that player rather than risking a security bypass for all local connections.

✨ New Features

🔄 /premium accept System Rework

Removed the intermediate confirmation step for faster usage.

The command now directly performs the Mojang verification and saves the IP.

---

ℹ️ New Command: /premium about

Added a detailed information section explaining how the plugin works.

Provides full transparency on data handling in compliance with GDPR.

---

🔒 GDPR Protection & AES Encryption

All IP addresses stored in linked.yml are now encrypted using AES-128.

Even if configuration files are accessed, player IPs remain unreadable in plain text.

IP addresses are only decrypted in memory during player connection.

---

⚙️ Full Control (Global Toggle)

Added the enableplugin setting in the configuration.

If set to false, the plugin is fully disabled (commands and bypass), ensuring maximum safety during maintenance.

---

⚙️ Technical Improvements

📁 Full config.json (or config.yml)

All messages without exception (success, errors, help, warnings) are now fully customizable.

Centralized handling of the plugin disabled error message.

---

🔐 Secure IP Display

The /premium list sure command only displays decrypted IPs after explicit confirmation from the user.

Prevents accidental IP leaks during streams or screenshots.

---

🧹 Code Cleanup

Improved asynchronous task handling for Mojang API requests.

Optimized performance and reliability.

✨ Main additions

✅ Improved compatibility and robust handling of the bypass feature during the login sequence.

✨ Main additions

✅ Full compatibility with Paper 1.21.5 up to 1.21.9.

✅ Plugin forced to load after AuthMe via depend: AuthMe in plugin.yml

✅ Use of secure Reflection for AuthMe API (forceLogin, isAuthenticated)

✅ Login execution scheduled with a one-tick scheduler to ensure AuthMe is ready

✅ Silent handling of already logged-in players (isAuthenticated) to prevent duplicates

✅ Support for hybrid offline/online mode

✨ Main additions

The command /premiumbypass has been changed to /premium.

Version 1.1 – October 21, 2025

✨ Main Additions

Support for premium bypass based on multiple IP addresses for each player.

🛠 Improved Features

Adapted linked.yml file management to store multiple IP addresses per player.

Verification and activation of the bypass for all registered IP addresses.

🐞 Bug Fixes and Stability

Secure saving of multiple IP addresses in linked.yml.

IP address verification before activation to prevent conflicts.

⚡ Additional Notes

Players must be authenticated via AuthMe before activating the bypass.