The Battle for Wesnoth

The Battle for Wesnoth is a Free, turn-based tactical strategy game with a high fantasy theme, featuring both single-player, and online/hotseat multiplayer combat. Fight a desperate battle to reclaim the throne of Wesnoth, or take hand in any number of other adventures... more »

The development team is proud to release version 1.12 of The Battle for Wesnoth. We really hope you enjoy Wesnoth 1.12 as much as we enjoyed creating it. You can learn more and read the in-depth, translated release notes »

Download Wesnoth 1.12.4 (stable):

Wesnoth Screenshot

See more screenshots »

Get Started

Want to know more about the game? Get started and read the complete manual.

Join Us

Whether you are a new player or an experienced developer, welcome to our community.

FAQ

A compilation of the most frequently asked questions about this game and the project behind it.

Reviews

There were many reviews by print and web magazines. Don't hesitate to have a look at them.

Free Game Alliance

News

Wesnoth 1.12.4, 1.13.1, and Security Advisory

Monday, June 29 2015

Wesnoth 1.12.4 — a maintenance release for the stable 1.12.x series — and Wesnoth 1.13.1 — the second 1.13.x development release — are now available. Both include various fixes and improvements made since the previous releases, as well as a fix for an important security vulnerability which allows a malicious user to steal add-on upload credentials. We urge content authors using any previous version to upgrade immediately.
Check the respective forum threads for these releases for a list of the most notable changes in both versions:
  Wesnoth 1.12.4 — maintenance release
  Wesnoth 1.13.1 — development release
See also our security advisory for previous versions.
The source code and the Windows installer files for both versions are already available on the downloads page. You may also find packages for other platforms there as they become available.

About Add-on Passphrase Security

Thursday, June 11 2015

Content creators who have published user-made add-ons to the Wesnoth add-ons server are surely aware that we currently use a very primitive authentication mechanism that works on a per-add-on basis. An uploader-defined passphrase is provided in the add-on’s .pbl file and this is matched against the add-ons server’s records.

What is not necessarily obvious is that the passphrase is stored in clear text form not only on the client’s side, but also on the server. This means that any person with access to the server configuration can see every add-on’s passphrase in a human-readable format that makes it trivial for it to be stolen. Furthermore, it is also possible for add-ons to obtain add-on passphrases from the client and transmit them over the network. Because of this, we advise content uploaders to use unique passphrases for their content and never reuse an existing password that could grant a malicious party access to their systems or other sites. Also, in order to prevent vandalism, we suggest either using hard-to-guess passphrases, or leaving the passphrase field blank or omitting it altogether when first uploading an add-on so that the add-ons client will generate and save a random one instead.

People who suspect they may be using insecure passphrases for their add-ons should send a private message to the Forum Administrators group to request changing passphrases; or use the command-line add-ons client with the following parameters if possible, substituting the text within brackets and replacing 1.12.x with 1.13.x or 1.10.x if applicable:

wesnoth_addon_manager -p 1.12.x --change-passphrase <Addon_Folder_Name> <old passphrase> <new passphrase>

Older news »