PrismLauncher / PrismLauncher

A custom launcher for Minecraft that allows you to easily manage multiple installations of Minecraft at once (Fork of MultiMC)
https://prismlauncher.org
GNU General Public License v3.0

Automatically add or suggest adding fix for Serialization security vulnerability #1463

Open the-vindex opened 1 year ago

the-vindex commented 1 year ago

Role

I play modded Minecraft

Suggestion

When launching a modpack on vulnerable versions, I want Prism to automatically add the fixer mod for the security vulnerability, see link below. Or warn me and ask for permission to one-click add that mod.

Benefit

Security

This suggestion is unique

You may use the editor below to elaborate further.

See post here https://github.com/dogboy21/serializationisbad/blob/master/README.md

Ryex commented 1 year ago

I think I may have an idea for how this could work. If we maintained a list of known bad mod SHAs on the meta server, we could flag them in a pre-launch step. Perhaps even suggest secure replacements? Perhaps the MMPA would be willing to help maintain this?
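A sketch of the pre-launch check proposed in the comment above, added here as an example; it is not Prism Launcher or meta server code. The denylist JSON layout, the use of SHA-256, and all mod names and file contents are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

HEX = set("0123456789abcdef")

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large mod jars are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_denylist(text):
    """Parse the (hypothetical) denylist JSON into {sha256: entry}; reject malformed digests."""
    entries = {}
    for entry in json.loads(text)["bad_mods"]:
        digest = entry["sha256"].lower()
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"malformed digest for {entry.get('name')!r}")
        entries[digest] = entry
    return entries

def prelaunch_check(mods_dir, denylist):
    """Return one finding per jar in mods_dir whose hash is on the denylist."""
    findings = []
    for jar in sorted(Path(mods_dir).glob("*.jar")):
        entry = denylist.get(sha256_file(jar))
        if entry:
            findings.append({"file": jar.name, "mod": entry["name"],
                             "replacement": entry.get("replacement")})
    return findings

def demo():
    """Build a constructed instance folder and denylist, then run the check."""
    with tempfile.TemporaryDirectory() as d:
        bad = Path(d, "examplemod-1.0.jar")
        bad.write_bytes(b"constructed vulnerable jar")
        Path(d, "othermod-2.3.jar").write_bytes(b"constructed clean jar")
        Path(d, "notes.txt").write_bytes(b"constructed vulnerable jar")  # same bytes, not a jar
        denylist_json = json.dumps({"bad_mods": [{
            "name": "examplemod", "sha256": sha256_file(bad),
            "replacement": "examplemod-1.1.jar"}]})
        return prelaunch_check(d, load_denylist(denylist_json))

if __name__ == "__main__":
    for finding in demo():
        print(f"{finding['file']}: known vulnerable build of {finding['mod']}; "
              f"suggested replacement: {finding['replacement']}")
```

Exact-hash matching flags only the builds that are listed; a rebuilt or repackaged jar of the same vulnerable mod has a different digest and is not caught by this check.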

the-vindex commented 1 year ago

What that project does is essentially having a patcher which is driven by a config file, which lists vulnerable mods and classes to patch, and which they update directly from GitHub: https://github.com/dogboy21/serializationisbad/blob/master/serializationisbad.json

Steveplays28 commented 1 year ago

Serialization Is Bad is attached as a Java Agent, so perhaps a checkbox somewhere could be added to automatically download the latest version of SIB and add the JVM argument. Maybe the instance creation tab (and versions tab) could be a good place for this?