jME 3.10.0-alpha3 Available for Testing
If you are up for some testing, please consider adding the jme3-safeallocator module to your project. It will automatically harden all native memory allocated through JME APIs against memory corruption attacks.
This is particularly important if your app processes untrusted input (e.g., a multiplayer game or custom map loading) that could end up in ByteBuffers passed to JNI bindings: if those bindings contain a memory corruption bug, attackers could exploit it to run code on your players’ machines.
This cannot happen in pure Java, and with this module it is much less likely to occur in JNI bindings as well. Consider it a last-resort safeguard for your game, especially nowadays, when finding these kinds of bugs is easier with AI.
If you maintain a JNI binding for JME, it may be worth allocating memory through JME’s ByteBufferUtils to benefit from this module.