• published the article The Minecraft CurseForge Beta has Concluded

    Hi everyone,

    As of today, we've wound down the Minecraft CurseForge beta. Thanks to everyone who looked around, reported bugs and provided feedback, it has helped us a ton to prepare for the real thing.

    Speaking of that, stay tuned. We'll be back real soon.

    Posted in: The Minecraft CurseForge Beta has Concluded
  • published the article Store Offline for Maintenance

    Hi all,

    We've taken the store offline for maintenance. Don't worry, this has no effect on your points or your orders. It will be back online later today.

    Posted in: Store Offline for Maintenance
  • published the article Repository Hosting Restored

    Earlier today, we migrated to a shiny new stack on shiny new servers. As part of this, we're also migrating the repository services, which will remain offline for a little while longer.

    Not to worry, your repositories are safe and sound, we're just doing the repository server move out of band of the main migration.

    I'll update this post once repository services are back online.

    Update: Repo services have been restored.

    Posted in: Repository Hosting Restored
  • published the article Subversion Rollbacks for a Subset of Repositories

    Due to some unforseen complications during a routine maintenance, we've had to temporarily disable access to subversion repositories in order to do rollbacks on a subset of repositories.

    Update 12:42am CST / 06:42 UTC:

    All affected repositories have been restored to their latest backups from this sunday and access to repositories have been restored. Unfortunately, that is the most recent backup we have where we know the issue not to be present. All affected repositories have had their UUID changed, so you will have to do a fresh checkout. This was done to prevent any corruption of server side repositories, due to limitations in how svn handles revisions.

    The easiest way to restore any commits made since sunday is take your old checkout, remove the .svn folder(s) and copy it on top of the fresh checkout, and then commit it.

    We're very sorry about this situation, and are still investigating what went wrong during the maintenance to cause this.

    Posted in: Subversion Rollbacks for a Subset of Repositories
  • published the article Rolling Upgrades of Subversion Repositories on Monday, October 29th Starting at 15:00 UTC (completed)

    Hi guys,

    About a month ago we upgraded to Subversion 1.7. On Monday, we will be doing rolling upgrades of all of our Subversion repositories to the latest on disk format. There will be no overall interruption of service, although specific repositories will be unavailable while they are being upgraded.

    This will give access to the latest Subversion features for all repositories.

    We will be starting this process at 15:00 UTC and expect it to take around 10 hours to upgrade all repositories.

    Note: If you attempt to access your repository while it is being upgraded, it will fail.

    Posted in: Rolling Upgrades of Subversion Repositories on Monday, October 29th Starting at 15:00 UTC (completed)
  • published the article On Markup Languages and Security

    As many of you noticed, a couple of weeks ago we changed up the formatting on the site. This was done for security - A severe XSS vulnerability was found in our Markdown parser as well as a potential security issue in our Safe HTML parser, and we moved fast to disable them when it was discovered.

    At the same time, we decided to go ahead and actually deprecate parsers that were considered deprecated internally for quite some time - Textile, Curse Wiki and Safe HTML.

    In retrospect, this was shortsighted, and we should not have deprecated Safe HTML. Since we made the determination internally to deprecate it, it has seen a huge rise in popularity, primarily in the Bukkit Dev community, and we had not factored in this new usage. We moved fast on the security, and made a rash decision in the heat of the moment to deprecate it without re-evaluating usage. For that we apologize.

    With that out of the way, I'm happy to announce that Safe HTML is back, and the same HTML subset is available if you use markdown.

    The new and improved Safe HTML (and Markdown) supports the following tags:

    a, abbr, b, big, blockquote, br, caption, code, dd,
    del, dl, dt, em, h1, h2, h3, h4, h5, h6, hr, i,
    img, li, ol, p, pre, s, small, strike, strong, sub,
    sup, table, tbody, td, tfoot, th, thead, tr, ul

    And attributes:

    alt, colspan, href, rowspan, src, title

    Note that both tags and attributes must be lowercase. Uppercase is no longer supported.

    If you have any tags and attributes you'd like to see supported, let us know in the comments below, and we will consider adding them.

    Have a good weekend.

    Posted in: On Markup Languages and Security
  • published the article Upcoming site maintenance at 2pm CST / 19:00 UTC (completed)

    We will be performing site maintenance today at 2pm CST / 19:00 UTC. We expect the maintenance to last no more than 30 minutes.

    UPDATE 2:15pm CST / 19:15 UTC: The maintenance has been completed.

    Posted in: Upcoming site maintenance at 2pm CST / 19:00 UTC (completed)
  • published the article Maintenance (completed)

    Hi guys!

    On Thursday December the 8th at 12:30PM CST we'll be taking the site off line for a maintenance window. During this time the website and is related services will be offline. We expect the downtime to last for less than two hours.

    Thank you for your patience during this inconvenience.

    UPDATE 1:30 PM CST: The maintenance has been completed.

    Posted in: Maintenance (completed)
  • published the article About the downtime and expired SSL certificates

    Hi guys,

    We've posted a story on curse.com explaining what happened in the last few days to cause this downtime, and what we're doing to prevent it ever happening again.

    Murphy's law being what it is, luck would have it that our SSL certificates for CurseForge and WowAce expired just as the downtime bagan, on June 23rd. Please rest assured there's no security breach, they are simply certificates that expired at about the worst possible time. We will be updating them on Monday, June 27th.

    Update June 27th: The SSL certificates have now been updated.

    Posted in: About the downtime and expired SSL certificates