Heads Up: Security update for Touch Events

Updates Announcements
#1

Hey guys. Just wanted to make a quick update so that devs have time to report on any potential issues.

Just enabled an update that should block invalid Touch Events on the server. Basically Touch Events should only be sent by authoritative simulators of parts that are touching. If the Touch Event is not from one of the owners of the pair of parts it is rejected.

You should not have to make any changes to your games to work with this feature. No code changes are required. If you’ve had to update your game logic to work around this please post here!

Please let me know if any games experience issues with Touch Events in unexpected ways!

33 Likes
October Recap: Here's Whats Happening in the Developer Community
Touched Event Not Firing When NetworkOwnership is Server
#2

cool, no more constant death in obbies with killbricks

10 Likes
#3

when was this update rolled out? i know numerous devs including myself have been having issues where touched events weren’t firing consistently on non collidable parts, regardless of network ownership it seemed.

does a client need to have ownership of both parts to always have a touched event replicate?

1 Like
#4

I’m a bit confused as to what will actually change in this update (other than increased security). Will scripts need to be changed? How will this impact gameplay?

2 Likes
#5

It sounds like they’re just watching to see how games react with this update. If you run into any problems with touch events, just let them know.

In other words, it sounds like you shouldn’t need to change anything.

2 Likes
#6

Can Collide parts usually don’t fire touch events unless a touch event is DIRECTLY on the part that is CanCollide false.

Only one of the parts needs to be owned.

You should not have to change anything. Touch Events should still work correctly, this is mostly an anti exploit patch.

I made this post mostly so that users can inform me of any bugs I may not have caught in testing. The security update was enabled only a few minutes ago.

4 Likes
#7

Only if you set network ownership to the server. Otherwise, the exploiter could walk up to the unanchored kill brick to get ownership, and then repeat exploit as usual.

#8

Kill Bricks are usually anchored and have no owner, anchored parts don’t play the automatic ownership game. So Touch Events with anchored parts means the unanchored part HAS TO BE owned by the reporter of touch events.

Please let me know if this doesn’t work as described.

#9

Yeah, sorry – I was thinking more along the the lines of kill brick spinners in classic Roblox games

#10

Yeah, if the Kill Brick is simulated you would have to set its owner to server to avoid exploits. Thanks for the clarification.

#11

YESSS!! Finally can’t wait for this to roll out, I had a ton on problems with my swords. :smiley:

#12

No need to wait, it is already rolled out.

1 Like
#13