Whether you are a new player or an experienced developer, welcome to our community.
A compilation of the most frequently asked questions about this game and the project behind it.
There were many reviews by print and web magazines. Don't hesitate to have a look at them.
Wesnoth 1.12.4, 1.13.1, and Security Advisory
Monday, June 29 2015
Wesnoth 1.12.4 — a maintenance release for the stable 1.12.x series — and Wesnoth 1.13.1 — the second 1.13.x development release — are now available. Both include various fixes and improvements made since the previous releases, as well as a fix for an important security vulnerability which allows a malicious user to steal add-on upload credentials. We urge content authors using any previous version to upgrade immediately.
Check the respective forum threads for these releases for a list of the most notable changes in both versions:
Wesnoth 1.12.4 — maintenance release
Wesnoth 1.13.1 — development release
See also our security advisory for previous versions.
The source code and the Windows installer files for both versions are already available on the downloads page. You may also find packages for other platforms there as they become available.
About Add-on Passphrase Security
Thursday, June 11 2015
Content creators who have published user-made add-ons to the Wesnoth add-ons server are surely aware that we currently use a very primitive authentication mechanism that works on a per-add-on basis. An uploader-defined passphrase is provided in the add-on’s
.pbl file and this is matched against the add-ons server’s records.
What is not necessarily obvious is that the passphrase is stored in clear text form not only on the client’s side, but also on the server. This means that any person with access to the server configuration can see every add-on’s passphrase in a human-readable format that makes it trivial for it to be stolen. Furthermore, it is also possible for add-ons to obtain add-on passphrases from the client and transmit them over the network. Because of this, we advise content uploaders to use unique passphrases for their content and never reuse an existing password that could grant a malicious party access to their systems or other sites. Also, in order to prevent vandalism, we suggest either using hard-to-guess passphrases, or leaving the passphrase field blank or omitting it altogether when first uploading an add-on so that the add-ons client will generate and save a random one instead.
People who suspect they may be using insecure passphrases for their add-ons should send a private message to the Forum Administrators group to request changing passphrases; or use the command-line add-ons client with the following parameters if possible, substituting the text within brackets and replacing
1.10.x if applicable:
wesnoth_addon_manager -p 1.12.x --change-passphrase <Addon_Folder_Name> <old passphrase> <new passphrase>