a big one.
smuggly: a big one.
Not a save exploit, not a way for people to launch unsigned code, oh no, protect us from the evil modders...

Can't they fix things that matter, like all the missing abilities and stats that = Null?

Nope. Actual game don't matter.
smuggly: a big one.
It's only to hotfix the vulnerability issue with mods and saves.
smuggly: a big one.
My game stopped working since I installed this patch. Black screen after clicking on Play from the game launching menu...
https://youtu.be/NeIfKVEs9tI
smuggly: a big one.
Gersen: It's only to hotfix the vulnerability issue with mods and saves.
That's something anyway. I don't plan on playing the game again until they get it together if ever.
Gersen: It's only to hotfix the vulnerability issue with mods and saves.
Yes, days late. They should have released this hours after PixelRick found it.

Instead, they tried to throw modders under the bus. I guess you could call me one of those CDPR fanboys, but this kind of bs starts to really bug me. Are they really trying to deliberately piss off fans?
frogthroat: Yes, days late. They should have released this hours after PixelRick found it.
It doesn't work like that for big projects; there is usually a whole "pipeline" you have to respect before releasing a new version into the wild. Even a fix that takes 5 minutes might require several days before it becomes available, depending on the project and the complexity of the process.
frogthroat: Instead, they tried to throw modders under the bus. I guess you could call me one of those CDPR fanboys, but this kind of bs starts to really bug me. Are they really trying to deliberately piss off fans?
Ok, this one got me scratching my head. How exactly? They said:
If you plan to use @CyberpunkGame mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources.
Which part of that is "throw modders under the bus" exactly? You can often blame CDPR and Gog for not being the best at communication, but here you really need to grasp at industrial-sized straws to find it as being an attack on modders?

There is a vulnerability, don't download files, be it saves or mods, from untrusted sources, sounds like common sense to me.
Gersen: It doesn't work like that for big projects; there is usually a whole "pipeline" you have to respect before releasing a new version into the wild. Even a fix that takes 5 minutes might require several days before it becomes available, depending on the project and the complexity of the process.
This is a huge security risk. Normally you would put all effort on this one, even if it means halting other development.

There are games that have gotten patches for smaller issues in mere hours. The latest that I can think of is a small game, small team, so of course they could, but still, CrazyBunch released LSL:WDDT and ... I think achievements didn't work. Something didn't work. 2 or 3 hours later there was a patch to fix it.

Of course you can't really compare things like this; one bug is not the same as another bug. Some take more time, some take less. The pipeline should bend when high priority cases come at the door. They probably have some sort of priority system for their bugs and new features. Bugs probably have higher priority than new features at the moment. This vulnerability should have been an immediate show stopper/blocker.
Gersen: Ok, this one got me scratching my head. How exactly?
yamasushi said it better than I.
https://forums.cdprojektred.com/index.php?threads/solved-important-pc-version-vulnerability.11078852/#post-12855656
frogthroat: This is a huge security risk. Normally you would put all effort on this one, even if it means halting other development.
Except it is not. It would be a huge security risk if it allowed people to remotely access your computer or something like that, but here, for it to be a risk, you need to manually download a file from an untrusted source and install it/load it; by definition doing that is in itself a security risk. The risk is the same as downloading a crack or a trainer from an unknown source.
frogthroat: yamasushi said it better than I.
Except he doesn't say anything; he said modders are being blamed but doesn't give a single example or even any argument as to why he considers it to be the case. There is nothing in CDPR's statement blaming mods or modders.
Post edited February 06, 2021 by Gersen
Gersen: you need to manually download a file from an untrusted source and install it/load it, by definition doing that is in itself a security risk. The risk is the same as downloading a crack or a trainer from an unknown source.
Yes, this kind of thinking is exactly what CDPR's statement is promoting. Equating cracks and mods. This is what annoys me with the whole thing. You hit the nail on the head.
Gersen: There is nothing in CDPR's statement blaming mods or modders.
It leads you to believe modders are these crackhackers, and if you have read any news article about it you know this is exactly how media ran with it.
Post edited February 06, 2021 by frogthroat
frogthroat: Yes, this kind of thinking is exactly what CDPR's statement is promoting. Equating cracks and mods. This is what annoys me with the whole thing. You hit the nail on the head.
This kind of thinking is common sense that everybody using a computer should have. If you download and install something on your computer, whether it's a crack, mods, freeware, porn, etc... you need to trust the source where you get it from, otherwise it is a huge security risk. Again, basic common sense.

frogthroat: It leads you to believe modders are these crackhackers, and if you have read any news article about it you know this is exactly how media ran with it.
How? Which part of the official statement said that?

And that articles, because of bait concerns or incompetence, twist that into "modders are out there to hack your computer" is another issue that has nothing to do with CDPR.
Gersen: This kind of thinking is common sense that everybody using a computer should have. If you download and install something on your computer, whether it's a crack, mods, freeware, porn, etc... you need to trust the source where you get it from, otherwise it is a huge security risk. Again, basic common sense.
Yes, there's risks and then there's risks. If you have ever published any mods anywhere you know they are quite tenaciously curated. I have published one simple batch file that enables or disables mods and holy moly was that curated. I had to submit revisions before I was allowed to publish it. I was disabling one mod file that does not need to be disabled, for example, and that alone was enough to reject the batch file. Not because it would make any real difference in any direction, but because it was modifying files that weren't necessary to be modified. So even if the mod does something that does not affect anything, it's still rejected if it is not absolutely necessary to do so.

These mod sites are slightly different than going to some random website and downloading some random thing.

Just implying "watch out for mods" does not discriminate between legitimate sites and some random sites somewhere. But of course if there is a huge security risk, when they leave doors wide open, you should suspect all mods until it is fixed. Which is again, they should have released this hotfix waaaaay sooner. Not just fearmonger about modders.

Gersen: How? Which part of the official statement said that?

And that articles, because of bait concerns or incompetence, twist that into "modders are out there to hack your computer" is another issue that has nothing to do with CDPR.
I am starting to think you are not even trying to understand.

You didn't read yamasushi's post, did you? The way they worded it was saying "watch out for mods", not "we have a security leak so some external files may be used..." That can be taken as them implying they are not at fault. It was a security risk in their part of the game that modders should not even have access to. They did not communicate this.

They gave the implication to media to make those clickbait articles. It is on CDPR.

Perhaps we just have a different definition of honesty. For me honesty is not only that you say things that are technically true. I count implying something although you do not directly say it as dishonest. I count leaving vital information out as dishonest.
frogthroat: These mod sites are slightly different than going to some random website and downloading some random thing.
Did you read what they said? (emphasis mine)

For now, please refrain from using files from unknown sources.
How do you read that and translate that to "you shouldn't download any mods even from legit, well-known and trusted sites"? If they had said it then maybe you might have had a point, but it's not the case.

frogthroat: I am starting to think you are not even trying to understand.

You didn't read yamasushi's post, did you?
I did, but I think that he is just straw-manning and reading too much into what they said.

frogthroat: not "we have a security leak so some external files may be used..." That can be taken as them implying they are not at fault. It was a security risk in their part of the game that modders should not even have access to. They did not communicate this.
What do you think "We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs." means?

They are using some methods in a Microsoft API (i.e. in an external DLL) that is known to be able to be used for a buffer overflow exploit, and it's not even a bug, it's by design; here they forgot to put the code to prevent it. The only way to take advantage of this possible exploit is if you run mods or load a tampered save file; if you don't, you don't risk anything and never will, no matter if you are offline / online. The security risk only exists if you download tampered mods or saves.

Remember also that it was a warning for lambda users, not a three-page essay on software security; they had to keep it short and easy to understand for everybody, so simply saying "For now don't download stuff from untrusted sites" was probably the best way to do so.

They never said / implied it was modders' fault, never said / implied that you shouldn't download any mods, never said / implied that stuff you can find on Nexus or other well-known modding sites was unsafe.
Post edited February 06, 2021 by Gersen
CDPR

Before a patch is considered they have to draft a story of lies and deception to tell everyone then not deliver on any of it.