From 585f4dd3aa07feba9a7d9d3266684024ff8c0d51 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 1 Jun 2026 06:28:06 +0000
Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=86=99=20Bump=20version=20to=204.2.27?=
=?UTF-8?q?=20[skip=20ci]?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Emulator/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Emulator/pom.xml b/Emulator/pom.xml
index 17628061..f3607db9 100644
--- a/Emulator/pom.xml
+++ b/Emulator/pom.xml
@@ -6,7 +6,7 @@
com.eu.habbo
Habbo
- 4.2.26
+ 4.2.27
UTF-8
From c4aae676b27ad0b4dd6488615d29883463847251 Mon Sep 17 00:00:00 2001
From: duckietm
Date: Tue, 2 Jun 2026 16:04:47 +0200
Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=86=99=20Security=20Fix?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Thanks to @Bop:
There's a group bug where you can accept anyone into a group within MS. There's no packet validation for accepting members if the group is invite only.
This is crucial because if you allow users to have rights who are group members, your rooms can be trashed. AKA YOUR EVENT ROOMS
---
.../guilds/GuildAcceptMembershipEvent.java | 84 +++++++++++--------
1 file changed, 47 insertions(+), 37 deletions(-)
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/GuildAcceptMembershipEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/GuildAcceptMembershipEvent.java
index b4898da6..88f05e7e 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/GuildAcceptMembershipEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/GuildAcceptMembershipEvent.java
@@ -25,45 +25,55 @@ public class GuildAcceptMembershipEvent extends MessageHandler {
int userId = this.packet.readInt();
Guild guild = Emulator.getGameEnvironment().getGuildManager().getGuild(guildId);
+
+ if (guild == null) {
+ return;
+ }
+
+ GuildMember actorMember = Emulator.getGameEnvironment().getGuildManager().getGuildMember(guild, this.client.getHabbo());
+ boolean canAccept = guild.getOwnerId() == this.client.getHabbo().getHabboInfo().getId()
+ || this.client.getHabbo().hasPermission(Permission.ACC_GUILD_ADMIN)
+ || (actorMember != null && (actorMember.getRank().equals(GuildRank.ADMIN) || actorMember.getRank().equals(GuildRank.OWNER)));
+
+ if (!canAccept) {
+ return;
+ }
+
+ GuildMember targetMember = Emulator.getGameEnvironment().getGuildManager().getGuildMember(guildId, userId);
+
+ if (targetMember == null) {
+ this.client.sendResponse(new GuildAcceptMemberErrorComposer(guild.getId(), GuildAcceptMemberErrorComposer.NO_LONGER_MEMBER));
+ return;
+ }
+
+ if (targetMember.getRank().type != GuildRank.REQUESTED.type) {
+ this.client.sendResponse(new GuildAcceptMemberErrorComposer(guild.getId(), GuildAcceptMemberErrorComposer.ALREADY_ACCEPTED));
+ return;
+ }
+
Habbo habbo = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId);
- if (guild != null) {
- GuildMember groupMember = Emulator.getGameEnvironment().getGuildManager().getGuildMember(guild, this.client.getHabbo());
- if (guild.getOwnerId() == this.client.getHabbo().getHabboInfo().getId()
- || this.client.getHabbo().hasPermission(Permission.ACC_GUILD_ADMIN)
- || (groupMember != null && (groupMember.getRank().equals(GuildRank.ADMIN) || groupMember.getRank().equals(GuildRank.OWNER)))) {
- if (habbo != null) {
- if (habbo.getHabboStats().hasGuild(guild.getId())) {
- this.client.sendResponse(new GuildAcceptMemberErrorComposer(guild.getId(), GuildAcceptMemberErrorComposer.ALREADY_ACCEPTED));
- return;
- } else {
- //Check the user has requested
- GuildMember member = Emulator.getGameEnvironment().getGuildManager().getGuildMember(guild, habbo);
- if (member == null || member.getRank().type != GuildRank.REQUESTED.type) {
- this.client.sendResponse(new GuildAcceptMemberErrorComposer(guild.getId(), GuildAcceptMemberErrorComposer.NO_LONGER_MEMBER));
- return;
- } else {
- GuildAcceptedMembershipEvent event = new GuildAcceptedMembershipEvent(guild, userId, habbo);
- Emulator.getPluginManager().fireEvent(event);
- if (!event.isCancelled()) {
- habbo.getHabboStats().addGuild(guild.getId());
- Emulator.getGameEnvironment().getGuildManager().joinGuild(guild, this.client, habbo.getHabboInfo().getId(), true);
- guild.decreaseRequestCount();
- guild.increaseMemberCount();
- this.client.sendResponse(new GuildRefreshMembersListComposer(guild));
- Room room = habbo.getHabboInfo().getCurrentRoom();
- if (room != null) {
- if (room.getGuildId() == guildId) {
- habbo.getClient().sendResponse(new GuildInfoComposer(guild, habbo.getClient(), false, Emulator.getGameEnvironment().getGuildManager().getGuildMember(guildId, userId)));
- room.refreshRightsForHabbo(habbo);
- }
- }
- }
- }
- }
- } else {
- Emulator.getGameEnvironment().getGuildManager().joinGuild(guild, this.client, userId, true);
- }
+ GuildAcceptedMembershipEvent event = new GuildAcceptedMembershipEvent(guild, userId, habbo);
+ Emulator.getPluginManager().fireEvent(event);
+
+ if (event.isCancelled()) {
+ return;
+ }
+
+ if (habbo != null) {
+ habbo.getHabboStats().addGuild(guild.getId());
+ }
+
+ Emulator.getGameEnvironment().getGuildManager().joinGuild(guild, this.client, userId, true);
+ guild.decreaseRequestCount();
+ guild.increaseMemberCount();
+ this.client.sendResponse(new GuildRefreshMembersListComposer(guild));
+
+ if (habbo != null) {
+ Room room = habbo.getHabboInfo().getCurrentRoom();
+ if (room != null && room.getGuildId() == guildId) {
+ habbo.getClient().sendResponse(new GuildInfoComposer(guild, habbo.getClient(), false, Emulator.getGameEnvironment().getGuildManager().getGuildMember(guildId, userId)));
+ room.refreshRightsForHabbo(habbo);
}
}
}
From 8d6b969d753b09d5b54213c9b593e49bdd363045 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 2 Jun 2026 14:06:26 +0000
Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=86=99=20Bump=20version=20to=204.2.28?=
=?UTF-8?q?=20[skip=20ci]?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Emulator/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Emulator/pom.xml b/Emulator/pom.xml
index f3607db9..07ebff7c 100644
--- a/Emulator/pom.xml
+++ b/Emulator/pom.xml
@@ -6,7 +6,7 @@
com.eu.habbo
Habbo
- 4.2.27
+ 4.2.28
UTF-8