Version 1.1.1

Fixes and Improvements

Fixes

• Fixed a detection vector where OpSec didn't whitelist deprecated vanilla keys.
  Informed by @NikOverflow

Improvements

• Improved debug alerts to show the packet origin of key payloads and filtering out whitelisted key noises.
• Server resource pack keys are now resolved through normal vanilla key resolution instead of returning cached values.

For Minecraft Fabric 1.21 to 26.1
Full Changelog: V1.1.0...v1.1.1

Version 1.1.0

Bypass Fix, New Features and Other Changes

Bypass Fix

• Fixed a major key resolution protection bypass where servers could deliver mod detection key probes outside of anvil and sign screens. Key detection now simplified to cover all server network inbound packets for OpSec's key resolution interception.
  Informed by ExploitPreventer's recent patch by @NikOverflow.

New Features

• Added a simple integrity checker that detects if the mod has been tampered with by comparing checksum with official release, and displays a warning screen on startup if integrity checks fail. Could be easily circumvented but its designed to combat simple malware injections.

• Added an in-game update checker in the config menu.

Other Changes

• Fabric API module channels and keys now use the whitelist system instead of the legacy hard-coded pattern based matching bypass list.
• Reset button now updates update screen state.
• Fixed URL redirect for mod download buttons on newer Minecraft versions.
• Improved one-time hint message with a slight delay and color change for better visibility.
• Config menu now preserves scroll position when clicking buttons which was an issues on older Minecraft versions.
• Translation keys are now properly cleared on language reload.
• Remove unnecessary require=0 and fallback methods from Mixins.
• Migrated HttpUtilMixin from Unsafe to OpenSesame.
• Added packet source identification to exploit detection logs
• General performance optimizations.

For Minecraft Fabric 1.21 to 26.1
Full Changelog: V1.0.9.1...V1.1.0

Version 1.0.9.1 - Hotfix

Hotfix

• Fixed a client crash caused by resource pack chat alerts firing from Netty IO threads that effected Minecraft 1.21.5+.

For Minecraft Fabric 1.21 to 26.1
Full Changelog: V1.0.9...V1.0.9.1

Version 1.0.9

New Features and Changes

New Features

• Added offline (cracked) account support to the account manager, allowing users to add username-only accounts without authentication.
• Added a new "Debug Alerts" toggle in Misc settings (disabled by default). When off, key resolution probe alerts only appear when the resolved value was actually changed and spoofed. When enabled, alerts show for all probed keys, even unchanged ones.

Changes

• Key resolution probe chat alerts are now styled less alarming to avoid confusing new users.
• Added Ichor and LabyMod as incompatible mods to prevent conflicts.

For Minecraft Fabric 1.21 to 1.21.11
Full Changelog: V1.0.8...V1.0.9

Version 1.0.8

New Features and Changes

New Features

• Added new default automatic whitelist mode that automatically whitelist mods with registered network channels as they are most likely to have server-side features that breaks when not whitelisted.
• Added alert suppression for benign signs and anvils to prevent key resolution alerts triggered by sign or anvil screen search inputs from server plugin.
• OpSec no longer conflicts with ExploitPreventer. When both mods are installed, overlapping features are automatically disabled and deferred to EP. Read More

Changes

• Channel spoofing is now enabled by default.
• Replaced local URL blocking with @NikOverflow's ExploitPreventer's HTTP redirect protection implemention. OpSec had a detection vector due to its lack of 305 redirect handing.

For Minecraft Fabric 1.21 to 1.21.11
Full Changelog: V1.0.7...V1.0.8

Version 1.0.7

Bug fix and Code Changes

• ON_DEMAND ("Auto") chat signing now works reliably on proxy-based server networks that didn't advertise secure chat requirement with the enforcesSecureChat flag. If a server rejects an unsigned message, the mod will enable signing, and send the message seamlessly with the signing key.
• Code cleanup to removed 16 unused methods.

For Minecraft Fabric 1.21 to 1.21.11
Full Changelog: V1.0.6...V1.0.7

Version 1.0.6

New Features and Fixes

New Features

• Added a one-time hint message when a key resolution exploit is first detected, telling users they can disable chat and toast alerts.
• Replaced the "Don't Show Again" button on the update screen with "Skip This Version" to only skips the specific version shown, so future updates will still trigger the notification.
• Added interception type (TRANSLATION, KEYBIND) to distinguish between interception sources in log output.
• Added Minecraft 1.21 support.

Bypass Fix

• Fixed a server resource pack key poisoning bypass where servers could inject custom keys and their respective values via server pack. The old approach auto-whitelisted all server resource pack keys to prevent spoof detection but incorrectly whitelisted keys that are also in installed mods, allowing servers to detect mods by placing and probing mod keys in the server resource pack. Blocked keys now return the server pack value instead (matching what a vanilla client would see).

Before (1.0.5 and below):

Revealed actual client values because OpSec incorrectly whitelisted keys that are both in the server resource pack and installed mod(s).

After (1.0.6):

Now returns the server resource pack values (if it exists) just like vanilla clients.

Other Fixes

• Fixed mods with only keybind keys not appearing in whitelist and /opsec info.
• Fixed key resolution protection not activating when brand spoofing was disabled.
• Fixed key resolution alerts and logging not showing the actual returned resolved value to the server.
• Fixed dedup caches not clearing between sign/anvil screen entries, causing stale state to suppress alerts on repeated probes.

For Minecraft Fabric 1.21 to 1.21.11
Full Changelog: V1.0.5...V1.0.6

Version 1.0.5

New Features and Code Changes

New Features

• Added a non-blocking update checker that queries GitHub releases on startup and shows a notification in the multiplayer
  menu.
• Added "Enable All" / "Disable All" buttons to the whitelist tab to easily select and de-select mods.

Code Changes

• Rewrote key resolution protection to intercept at the call site (decompose()) instead of ClientLanguage. The old
  approach could be bypassed if Minecraft swapped out the Language implementation at runtime. Removed LanguageMixin.
• Fixed anvil key resolution protection inconsistencies, the deferred context cleanup could prematurely clear the
  anvil's protection context if another exploitable screen (e.g., sign) was opened shortly before it.
• Replaced fragile reflection-based access to translation storage with a proper Mixin @Accessor.
• Removed require = 0 from protection mixins so a mixin failure crashes on startup instead of silently leaving users
  unprotected.
• Removed server IP field from chat signing chat alerts to prevent leaking sensitive information,
• Fixed a race condition where opening exploitable screens in quick succession could clear protection context
  prematurely.
• Channel tracking now resolves namespaces to their actual owning mod (e.g., jm namespace correctly maps to JourneyMap).
• Expanded startup channel scan to cover more Fabric API entry points (getReceived, getSendable).
• Consolidated duplicated namespace checks across the codebase into ChannelFilterHelper.isCoreNamespace().
• Removed a redundant max redirect check that was placed after the redirect loop body.
• Fixed /opsec info <mod> reporting mods as whitelisted even when the whitelist feature was disabled.
• Channel spoofing is now disabled by default to avoid breaking server-dependent mods for new users.
• Default brand changed from Vanilla to Fabric since servers can flag clients for mismatch key resolution now that channel spoofing is disabled by default.
• Moved the settings button from the bottom-right footer to the top-left header of the multiplayer screen.
• Renamed "Translation Exploit Protection" to "Key Resolution Protection" across the mod.
• Converted hardcoded Component.literal() setting labels to Component.translatable() with lang file keys.
• JAR filenames now include a v prefix (e.g., opsec-1.21.11+v1.0.5.jar).

For Minecraft Fabric 1.21.1 to 1.21.11
Full Changelog: V1.0.4...V1.0.5

Version 1.0.4

Code cleanup

• Remove ~150 lines of dead code from ModIdResolver and SessionAccount
• Add null check in ModIdResolver.getModIdFromClass()
• Add logging to silent catch block in TranslatableContentsMixin
• Replace magic formatting codes with ChatFormatting enum
• Extract hardcoded URLs/timing values to OpsecConstants
• Unify isVanillaMode/isFabricMode/isForgeMode implementation
• Make animationTicks volatile for thread safety

For Minecraft Fabric 1.21.1 to 1.21.11

Version 1.0.3

New Features and Changes

Features

• Added refresh token support for re-authenticating expired session tokens.
• Added retry logic to account sign-ins.

Changes

• Fixed AUTO signing mode to properly use signatures on servers that requires them. Profile keys now initialize before connection handshake.
• Login/logout operations now run asynchronously to prevent game freezing, with animated loading indicator.
• Reduced duplicate whitelist logging.

For Minecraft Fabric 1.21.1 to 1.21.11