=======================================================
Unreal Tournament server exploits patched in XC_Engine:


*** PreLogin bypass / fake player exploit.
It is possible to bypass the server's PreLogin function, potentially making the password
protection useless and making it vulnerable to fake player flooding.
PATCHED:
- JOIN command requires LOGIN first, valid player name and class must be supplied by
the client in order to allow joining.


*** Control channel spam.
It is possible to make the server spam the log by sending text commands using the control
channel.
PATCHED:
- Unrecognized commands no longer logged.
- Pre-Join commands have no effect if the player is already in game.
- Post-Join commands have no effect if the player hasn't joined.


*** Mutate command spam.
If the server is running badly coded mutators, it is possible to lag/crash the server by
spamming mutate commands.
PATCHED:
- Replaced PlayerPawn.Mutate with XC_Engine_PlayerPawn.Mutate
Players can only possible to send up to 2 commands per second.
Only players logged in as administrator can fully spam mutate.


*** ShowInventory command spam
It is possible to make the server write huge log files by constantly spamming
ShowInventory command.
PATCHED:
- Replaced PlayerPawn.ShowInventory with XC_Engine_PlayerPawn.ShowInventory
Only players logged in as administrator can use the command.

