Releases: AuthMe/AuthMeReloaded
6.0.0
AuthMe 6.0.0
AuthMe 6.0.0 is a major overhaul focused on modern server compatibility, a cleaner authentication experience, and broader plugin ecosystem support. This is the first stable release of the 6.x line.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21+, Paper 1.21+ (1.21.11+ recommended for Dialog), and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the player's own language.
Several quality-of-life improvements ship with the dialog system:
- Email recovery in post-join dialogs — players with a recovery email can trigger password recovery directly from the dialog
- "Let player in" recovery option — a new setting allows players to partially join the server to complete account recovery rather than being held at the connection screen
- Customisable body description — the body text of login/register dialogs is configurable per server
- Separate forgot-password dialog — the forgot-password flow has its own dedicated UI for both pre-join and post-join contexts
- Register field validation — pre-join registration dialogs validate fields (password length, email format, etc.) before submission
- Kick-on-cancel option — a new setting controls whether players are kicked if they dismiss the pre-join dialog
Premium bypass with cryptographic Mojang verification
Players with a legitimate Mojang account can skip password authentication entirely. AuthMe verifies their identity via a full cryptographic handshake with Mojang's session server — no password prompt, no dialog box. This closes the spoofing vector that existed when relying solely on username matching.
Three verification modes are supported automatically depending on your setup: direct offline-mode (requires PacketEvents), online-mode proxy (UUID forwarded by the proxy), and offline-mode proxy with the AuthMe proxy plugin. Premium player lists are synchronised automatically and sent in chunks for large servers.
See the premium bypass guide for full setup instructions.
Messages in the player's own language
AuthMe serves each player messages in their Minecraft client language, including login/register prompts, help output, and dialogs. When a player's locale is not available it falls back to the server's configured default. See the translations reference for the full list of supported languages. New in this release: Tatar and Spanish translations.
Eight new account importers
The converter system now covers a wide range of authentication plugins. You can migrate accounts from:
- Auth+, LibreLogin, LimboAuth, nLogin (including SQLite auto-detection), OpeNLogin, tiAuth
All importers reuse the AuthMe connection pool and apply consistent UUID handling. See the converters guide for usage.
New server spawn priority
A new server value is available for the spawn priority setting. The spawn location is determined by the configured server spawn point with an optional radius so players don't stack on the same block. Falls back to the default spawn location if none is available.
Email confirmation on change
/email add and /email change now require the player to confirm the new address before it is saved, preventing typos from locking players out of account recovery.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm: PBKDF2BASE64
A new PBKDF2BASE64 hash algorithm is now supported. See the hash algorithms reference for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login rather than being lost. Configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version for spigot-legacy. Servers still running Java 8 or Java 11 must upgrade before installing this release.
Java 21 is now the minimum required version for other platforms (Spigot 1.21, Paper, Folia).
PacketEvents replaces ProtocolLib for inventory protection, tab-complete blocking, and premium bypass in direct-connection mode. Install PacketEvents 2.x if you use any of these features — ProtocolLib is no longer used for this purpose.
Bug fixes
- Quit location is now correctly saved on disconnect
- Walk and fly speed are properly reset on auto-login via premium, session, or proxy
- Admin force-login commands correctly dismiss any open dialog for the target player
- Proxy auto-login works correctly when the target player is already online
- Email format is validated before any processing is attempted
- Email recovery UI is only shown when the email sending system is properly configured
- TOTP QR codes are generated with a default margin
- BungeeCord plugin messaging channel is correctly registered on startup
- Brigadier command registration handles
@characters and awaits proper type resolution - Converters correctly insert and update player UUIDs
- Spawn location Y coordinate is correctly selected in
serverspawn mode
Additional resources
6.0.0-R1
AuthMe 6.0.0-R1 - Release Candidate
This update brings a smoother, more modern AuthMe experience for both server owners and players. The focus of this release is simple: better support for modern server setups, a cleaner login flow, and more flexibility for server customization.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21, Paper 1.21+, and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two new dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and your backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the server's configured language.
Messages in the player's own language
AuthMe can now automatically serve each player messages in their Minecraft client language. When a player's locale is not available, it falls back cleanly to the server's configured default. See the translations reference for the full list of supported languages.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm and Auth+ account importer
A new PBKDF2BASE64 hash algorithm is now supported. An importer for accounts from the Auth+ plugin is also included. See the hash algorithms reference and the converters guide for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login, rather than being lost. This behaviour is configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version. Servers still running Java 8 or Java 11 must upgrade before installing this release.
PacketEvents replaces ProtocolLib for inventory protection and tab-complete blocking. If you used those features with ProtocolLib, install PacketEvents as an optional dependency instead — ProtocolLib is no longer used for this purpose.
Additional resources
AuthMeReloaded 5.7.0
AuthMe 5.7.0
This release focuses on stability, reconnect handling, mail reliability, and cleanup of long-deprecated code, while also improving localization support across
commands.
Breaking changes
- Java 17 is now required for AuthMe
5.7.0. - Legacy xAuth and Whirlpool support has been removed. If your server still depends on those old hash formats, migrate before upgrading.
Improvements
- Replaced hardcoded command strings with translatable MessageKey entries, improving localization coverage.
- Restored thrown ender pearls and mounted vehicles more reliably after reconnect.
- Enforced name/IP restrictions earlier during AsyncPlayerPreLoginEvent for better protection.
Fixes
- Fixed stale disk limbo data when a player quits before limbo is fully created.
- Fixed concurrent access issues affecting SQLite, timed counters, logout flow, and mail handling.
- Prevented SMTP sending from freezing the main server thread by dispatching mail work asynchronously.
- Corrected SSL/TLS handling for mail delivery and added the Email.sslCheckServerIdentity setting.
- Fixed teleport edge cases, including the y = 0 bug and spawn handling for unregistered players when registration is not forced.
- Fixed AccountsCommand self-lookup to use the correct self-owned accounts message.
Maintenance
- Updated dependencies and build tooling.
- Refreshed CI compatibility, including ProtocolLib
5.3.0 and Multiverse 4.3.16 updates.
AuthMeReloaded 5.6.0
AuthMeReloaded 5.6.0 Release Notes
We're excited to announce the release of AuthMeReloaded 5.6.0! This update brings significant improvements and new features, enhancing compatibility, security, and overall functionality. Below is a detailed breakdown of what's new, updated, and fixed in this version.
Commits since 5.6.0-beta2: https://github.com/AuthMe/AuthMeReloaded/compare/5.6.0-beta2...5.6.0?expand=1
Provided JARs:
- Minecraft 1.18+: AuthMe-5.6.0.jar
- Minecraft 1.8.X to 1.17.X: AuthMe-5.6.0-legacy.jar
Thank you for your continued support and contributions to AuthMeReloaded! We hope you enjoy the new features and improvements in this release.
Changelog
New Features
- Minecraft Compatibility: Now supports Minecraft versions 1.8 through 1.21.
- Java Compatibility: Supports Java versions 8 through 21. PR#2342
- Legacy Jar: Provided a legacy jar for Minecraft versions older than 1.18. Issue#1779
- GeoIP Database Option: Added config option to disable the GeoIP database. PR#2720
- MariaDB Support: Added support for the MariaDB driver. Issue#2556
- MySQL 8 Support: Updated connectors to support MySQL 8. Issue#1779
Updated Features
- /authme about Command: Enhancements to provide more detailed information. Commit||
- Security Enhancements: Increased the BCrypt default cost factor to reflect current computing power. PR#2360||
- Integration with LuckPerm: Keep contexts active after reloading groups. PR#2186
- Legacy Hashes Hint: Added a hint for legacy hashes in the LoginSecurity converter. Issue#2449
Bug Fixes
- SQLite Issue: Resolved a file not found issue with SQLite. PR#2371
- Player Data Saving: Fixed an issue preventing player data from being saved correctly. Commit
- Turkish Locale Support: Corrected issues affecting the Turkish locale. Commit
- Automatic Anti-bot: Addressed issues with the automatic anti-bot feature. PR#2611
- BungeeCord Integration: Checks before enabling BungeeCord hook and various integration-related fixes. PR#2572
- LOGIN Plugin Message: Now sends a LOGIN plugin message on join if a player is not registered. PR#2275
- Join Message Listener: Changed priority to fix compatibility with EssentialsX. Commit
- IP-Username Check: Prevent unrestricted usernames from bypassing IP restrictions. Commit
- Column Check: Fixed an issue with database column checks. Issue#2543
- Disable BungeeCord Hook when not in use: Disabled BungeeCord hook if the proxy is disabled in Spigot settings. Commit
Enhancements, Documentation and Miscellaneous
- Updated Dependencies: Enhanced stability and security with the latest dependency updates.
- Documentation: Updated documentation to reflect all the changes.
- Translations: Updated translations for better accessibility and user experience.
- Other Minor Fixes: Addressed various small issues to improve overall functionality and reliability.
AuthMeReloaded 5.6.0-beta2
Bugfixes and new features!
Changelog: COMING SOON
Closed issues: https://github.com/AuthMe/AuthMeReloaded/milestone/6?closed=1
Commits since 5.6.0-beta1: https://github.com/AuthMe/AuthMeReloaded/compare/5.6.0-beta1...5.6.0-beta2?expand=1
Breaking changes:
- None, hopefully!
AuthMeReloaded 5.6.0-beta1
Bugfixes and new features!
Changelog: COMING SOON
Closed issues: https://github.com/AuthMe/AuthMeReloaded/milestone/4?closed=1
Commits since 5.4.0: https://github.com/AuthMe/AuthMeReloaded/compare/5.4.0...5.6.0-beta1?expand=1
Breaking changes:
- Removed 1.7 support
AuthMeReloaded 5.5.0-SNAPSHOT
This will be the last artifact working on 1.7.X servers.
AuthMeReloaded 5.4.0
Complete changelog: https://github.com/AuthMe/AuthMeReloaded/wiki/5.4-Changelog
AuthMeReloaded 5.3.2
Important update: fixed some major bugs!
We now have a single jar that works on any MC version since 1.7.10!
AuthMeReloaded 5.3.1
We removed Argon2 support due to some limitations of the devbukkit download page, we are sorry.