This update completes and improves the email password recovery system.

Changes:

• Added complete SMTP email password recovery flow
• Added HTML recovery emails with inline logo
• Added configurable mail encryption: NONE, STARTTLS, SSL
• Added /maxauth testmail <email> for SMTP diagnostics
• Added recovery email send status, elapsed time, host, port, and encryption reporting
• Improved /confirmpasswordrecovery usage messages when confirmPassword is enabled
• Limited player recovery commands to the login phase only
• Improved recovery-related messages and documentation

Config option:
Use:

• NONE for plain SMTP
• STARTTLS for ports such as 587
• SSL for ports such as 465

New admin test command:
This sends a diagnostic recovery email with test code 123456 and shows the send status directly in chat.

Password recovery should now be fully usable with properly configured SMTP settings.

This update improves Floodgate/Geyser Bedrock compatibility, especially for servers using linked Bedrock-Java accounts.

Changes

• Added new nested Floodgate configuration:

• Added backwards compatibility for the old floodgateSupport: true/false option.
• Restored JPremium-style Floodgate handling, so Floodgate Bedrock players are handled before Mojang premium detection.
• Added optional Floodgate API detection for more accurate Bedrock detection, including linked accounts.
• Prevented MaxAuth from incorrectly treating linked Bedrock players as Java premium players.
• Improved Velocity GameProfile handling for Floodgate players.
• Updated documentation and example configuration.

Recommended config for Floodgate/Geyser servers:

If Floodgate API is not available, MaxAuth will fall back to basic Floodgate UUID/offline-mode detection.



Just replace old:
with new one:

This update adds expanded password hash compatibility and migration support.

Recommended for new passwords:

• ARGON2ID
• BCRYPT

Other configurable algorithms:

• PBKDF2_SHA256
• PBKDF2_SHA512
• SALTEDSHA512
• SHA256 - MaxAuth salted SHA-256 same like JPremium SHA256
• SHA512 - MaxAuth salted SHA-512 same like JPremium SHA512

Migration-only hashes accepted from the database:

• SALTEDSHA256
• DOUBLE_SHA512
• AUTHME_SHA256
• AUTHME_SHA
• PBKDF2
• CSHA256 - classic unsalted SHA-256
• CSHA512 - classic unsalted SHA-512
• MD5VB
• IPB3
• IPB4
• JOOMLA
• MYBB
• PHPBB
• PHPFUSION
• SMF
• WBB3
• WBB4
• XFBCRYPT
• ROYALAUTH
• MD5
• SHA1
• DOUBLE_MD5
• DOUBLE_SHA1
• BCRYPT2Y

When rehashPasswordWhenUsingDifferentAlgorithm is enabled, passwords using legacy or different algorithms are automatically upgraded after successful login.

New password configuration:
Note: Legacy hash support is intended for migration only. For new installations, ARGON2ID or BCRYPT is recommended.

Fixed compatibility issues with newer Paper builds, including Paper 1.21.11 plugin remapping.

Changes:

• Fixed Paper remapper crash.
• Fixed bStats initialization warning

Recommended update for all servers, especially Paper 1.21.11 and newer.