Hi, just letting everyone know that due to this: http://www.planetminecraft.com/blog/psa-server-exploit-discovered-update-immediately/ everyone should update their spigot builds immediatley. Not sure what its all about, but thought i'd let everyone know. Edit: md_5, andrewkm and dinnerbone have managed to find and track down a user authentication exploit, that in certain cases can allow players to login as other players. This exploit has been found in the wild, and came to the attention of some server owners noticing odd behaviour in their server logs. At this point however, most of the reports of affected servers have been running Spigot. While the exploit will effect vanilla and CraftBukkit servers, a recent change to Spigot adjusting the threaded behaviour of the login checks, greatly increased the chances of someone pulling off the exploit. During testing we found it was possible to replicate this exploit on a Spigot (versions 1082-1089) with a success rate of above 10%, while on vanilla/CraftBukkit servers the current exploit code had a success rate of less than 1%. For people running the effected versions of Spigot (versions 1082-1089), I would recommend upgrading to 1090 which should help to address this issue. Until this patch gets applied mainstream (manages to make it through QA) keep a close eye on your server log, for failed user login attempts. It might also be a good time to check your backup system, just in case a more wildly reproducible version of this exploit is developed while you are tucked up in bed. ~ Just to reiterate, this is not a Spigot issue, but people running Spigot 1082-1089 have a higher chance of being affected than other users.