Please immediately update ioquake3 to the latest test build before you connect to any online servers. Despite the name, the test builds are in fact way more stable and secure than any release at this time.
In doing so you’ll also receive access to all kinds of other updates and changes that we’ve made since you last installed ioquake3.
Here’s the why:
We recently pushed a large security fix that prevents malicious actions from multiplayer servers.
Please share this news with any other Quake 3 players you know. It’s on Facebook and Twitter as well. These kinds of exploits are even worse in the regular Quake 3 client, nobody should be using that anymore.
Our Player’s Guide can help new Quake 3 players get started with ioquake3.
Ideally, we would distribute these security fixes automatically, similar to the way browsers like Chrome and Firefox distribute updates. Games on consoles, or in Steam, require updates in order to go online and happen automatically now. This way, we could distribute an update first so that nobody who is online is vulnerable in an ideal scenario.
Until then, please update your test build as often as you can to get the latest security changes.
ioquake3 is an all-volunteer project that needs your help. Check out this page if you’d like to join us in our mission to keep Quake 3 alive.
Our thanks to Victor Roemer for reporting the vulnerability.
If you find a security vulnerability, please e-mail firstname.lastname@example.org.