I would like to suggest changing the permission level required for the "/chase" command. This tool is available if the "MC_DEBUG_CHASE_COMMAND" debug property is set to true.
At present, the "/chase" command has a dangerous security flaw that could put a server at risk: no permission level is required to use the command. This means that anyone could log in to a server for Java Edition and abuse the utility, even if they don't have operator privileges. The only way to close the security hole is to disable the command.
People should be able to activate the utility without having to worry about it being abused by a player without operator privileges. Thus, it would be a lot more secure to require that a player be flagged as an operator to use the "/chase" command.
Please sign in to leave a comment.
0 Comments