SideGate 1.2.2

Release date: 2026-06-10

Added

• Added proxy-mode.enabled for Bukkit backends connected through SideGate for Velocity.
• Added platform-neutral LoginDecision results and evaluateLogin(String) to the public API.
• Added isProxyModeEnabled() to the public API.
• Added configurable Velocity login-decision logging and a Premium-session failure message.

Changed

• Velocity now owns Premium/Guest login decisions while Bukkit proxy mode applies Guest tags, gamemode, titles, messages, and chat prefix.
• ProtocolLib remains a required dependency for every Bukkit installation, including proxy-mode backends.
• Velocity Premium checks now fail closed on invalid usernames, Mojang API errors, and unexpected responses.
• Velocity Premium checks now use asynchronous HTTP with request deduplication instead of blocking the pre-login handler.
• Velocity now preserves prior Floodgate/authentication-plugin decisions and tracks Guest candidates by connection with expiration.
• Velocity login routing is disabled when online-mode is false or modern player forwarding is not configured.
• Velocity now replaces its generic invalid-session response for Premium-name conflicts with the configured SideGate message.
• allow-all-guests now defaults to true in both editions.

SideGate 1.2.1

Release date: 2026-06-10

Added

• Optional Floodgate and Geyser-Spigot integration. Detected Bedrock players stay on the Floodgate/Geyser authentication path and are not classified or tagged as SideGate guests.
• Soft dependencies for floodgate and Geyser-Spigot; neither plugin is required when Bedrock support is not used.
• Added configurable premium-session-failure.action with KICK_WITH_MESSAGE and FALLBACK_TO_GUEST modes.
• Added a configurable Premium-name conflict message. SideGate compares the login UUID with the official Mojang profile before encryption so cracked launchers that abort on HTTP 401 receive the configured message.
• Added Guest fallback for Premium-name UUID mismatches before encryption, plus same-connection fallback when an invalid encrypted session response is available.

Changed

• Mojang profile lookups now run through ProtocolLib's asynchronous listener path to avoid blocking the packet thread.
• Premium lookup cache entries now expire after 10 minutes and use bounded eviction instead of clearing the entire cache.
• Premium lookup cache entries now retain the official Mojang UUID for early Premium-name conflict detection.
• Mojang API errors, invalid responses, and invalid Java usernames now fail closed by leaving authentication to the server instead of granting guest access.
• Guest connection selection now requires an exact address match or matching login profile name; unsafe cross-connection and port-only fallbacks were removed.
• Removed the duplicate SideGate prefix from plugin logger messages because Bukkit already adds the plugin name.
• Compatibility and issue-report startup notices now use INFO; the ProtocolLib dev-build warning is skipped when a development build is already installed.

Fixed

• Fixed Floodgate/Geyser Bedrock players being treated as non-premium guests.
• Fixed a possible guest injection mix-up when multiple login connections were pending.
• Fixed a ProtocolLib TemporaryPlayer warning and stack trace caused by reading an unavailable UUID during early login.

SideGate 1.2.0

Release date: 2026-05-18

Added

• Runtime API service (SideGateApi) exposed through Bukkit ServicesManager for addon/plugin integration.
• Runtime reload support with /sidegate reload to re-read config and rebind listeners.
• Guest handling improvements: guest scoreboard tag, configurable join title/subtitle/messages, and guest-only chat prefix.

Changed

• ProtocolLib is now compileOnly to avoid shading/packaging ProtocolLib into SideGate and prevent classloader conflicts.
• Login-state injection path was adjusted to prefer stable accept states (READY_TO_ACCEPT, fallback ACCEPTED) to reduce non-premium login timeouts.
• Defensive ProtocolLib runtime checks were added to avoid NullPointerException when ProtocolManager is temporarily unavailable.
• Guest login injection now cancels login at START and immediately injects approved guests, with delayed fallback retained for packet-order edge cases.
• Post-auth login pipeline now supports modern GameProfile method signatures (verifyLoginAndFinishConnectionSetup, startClientVerification, finishLoginAndWaitForClient) for newer Paper builds.

Fixed

• Fixed startup failure where ProtocolLibrary.getProtocolManager() could be null and crash plugin enable/disable.
• Fixed guest login flow instability causing repeated guest injection and disconnect timeout behavior in hybrid mode.
• Fixed Invalid session/timeout on Paper 1.21.11 when guest login state advanced incompletely.

Compatibility

• Server: Paper/Spigot/Purpur (Bukkit-compatible)
• Tested: Paper 1.20.1, Spigot 1.20.1, Paper 1.21.11
• Practical compatibility range: 1.20.1–1.21.11 (with ProtocolLib dev build recommended for 1.21.9+)
• Java: 17+
• Dependency: ProtocolLib 5.x+

Notes

• For hybrid guest mode operation, set enforce-secure-profile=false in server.properties.
• Keep online-mode=true; SideGate handles approved guest flow without globally switching offline mode.
• Added startup warning for Minecraft 1.21.9-26.x to recommend ProtocolLib dev build:
  ProtocolLib Dev Build