Luanti 5.15.2 [SECURITY RELEASE]

by **sfan5** » Tue Apr 14, 2026 21:39 Post

Luanti 5.15.2 has been released! (security release for 5.15.1)

Blog post: https://blog.luanti.org/2026/01/24/5.15.0-released/ (5.15.0)

Highlights

This release fixes critical security vulnerabilities affecting both the client and server. We advise everyone to upgrade immediately.
Note that the attack vector for the critical vulnerabilities is installing malicious mods locally. They are not exploitable remotely (by clients joining malicious servers, or by malicious clients joining a server).

Changelog: https://docs.luanti.org/about/changelog/#5151--5152
Source code: https://github.com/luanti-org/luanti/tree/5.15.2

Downloads

Refer to the Assets section on the GitHub release page.

Which file do I need to download?

Windows: EXE file (for 64-bit systems) or the portable builds named win64, win32
MacOS: macos*_arm64 (Apple Silicon), macos*_x86_64 (Intel-based)
Android: arm64-v8a (common), armabi-v7a (old devices), x86 or x86_64 (ChromeOS, budget)
Linux: check for updates in your package manager or use Flatpak

For Windows: If you're using the self-extracting launcher for the first time, see how to copy your data.

Please note some downloads are not yet available at the time of writing.

ROllerozxa · by **ROllerozxa** » Tue Apr 14, 2026 22:09 Post

I have made a new release for my luantiserver Linux builds as well as the AppImage builds, if anyone is using those.

Nininik · by **Nininik** » Wed Apr 15, 2026 15:11 Post

Let's go!!!! Is there anything deprecated?

Exo · by **Exo** » Thu Apr 16, 2026 21:49 Post

I don't think so. It's just a security build.

by **sfan5** » Fri Apr 17, 2026 08:39 Post

Indeed. It's essential that a security patch does nothing else, so that nobody has a reason not to upgrade. The only other two changes we included are two low-risk bug fixes.

By the way since it's been asked a few times: All previous Luanti versions are vulnerable. That includes 5.14.0, 5.13.0, 5.12.0, 5.11.0, 5.10.0, 5.9.1, ... To be safe you must upgrade or figure out how to apply the source code patches to your old version.

Wuzzy · by **Wuzzy** » Fri Apr 17, 2026 21:22 Post

What about version 0.4.17.1? If this is vulnerable as well, will the bugfix be backported? (because some servers are still stuck on that ancient version)

YouTube · by **rubenwardy** » Fri Apr 17, 2026 21:28 Post

Wuzzy wrote: ↑
Fri Apr 17, 2026 21:22
What about version 0.4.17.1? If this is vulnerable as well, will the bugfix be backported? (because some servers are still stuck on that ancient version)

0.4.17.x is no longer supported, and there are many known security vulnerabilities in it even before this release (including a remote code execution)

We recommend that the server owners update to a supported version

(It's possible that some distros will backport fixes, and 0.4 users may wish to fork the engine to provide fixes. But it's not something for us to do)

Nininik · by **Nininik** » Fri Apr 17, 2026 22:23 Post

Why do people even stay at old ahh versions, is they stupid?

ArceusI · by **ArceusI** » Fri Apr 17, 2026 22:46 Post

Nininik wrote: ↑
Fri Apr 17, 2026 22:23
Why do people even stay at old ahh versions, is they stupid?

Honestly, either because something changed that they hate, or they have other reasons.

I'm not going to F-Droid 2.0 due to the UI change, and have since split the work between Florid & Obtainium.

Luanti, unfortunately, has only 1 alternative, and it's not going very well.

My Content on ContentDB · by **Blockhead** » Sat Apr 18, 2026 00:12 Post

Nininik wrote: ↑
Fri Apr 17, 2026 22:23
Why do people even stay at old ahh versions, is they stupid?

5.0.0 was a bit of a rough release for some servers performance, plus it would take at least a couple of hours to fix some of the deprecations. Bouncy physics were broken too I think, plus other small things made some people think "it's just not the same game any more!" (it almost entirely is but... anyway). Totally not worth 8 years of extra development to switch to 5.15.2 right?

ArceusI · by **ArceusI** » Sat Apr 18, 2026 02:44 Post

Blockhead wrote: ↑
Sat Apr 18, 2026 00:12

Nininik wrote: ↑
Fri Apr 17, 2026 22:23
Why do people even stay at old ahh versions, is they stupid?
5.0.0 was a bit of a rough release for some servers performance, plus it would take at least a couple of hours to fix some of the deprecations. Bouncy physics were broken too I think, plus other small things made some people think "it's just not the same game any more!" (it almost entirely is but... anyway). Totally not worth 8 years of extra development to switch to 5.15.2 right?

Yeah it's a thing good I was late to Luanti, so I'm fine with it just the way it is.

TenPlus1 · by **TenPlus1** » Sat Apr 18, 2026 05:17 Post

Xanadu server was on 5.7 for the longest time and after taking some time to upgrade all the mods and fix any deprecations we finally landed on 5.15 which I must say is a lot smoother with many new features to play around with.

ArceusI · by **ArceusI** » Sat Apr 18, 2026 05:21 Post

TenPlus1 wrote: ↑
Sat Apr 18, 2026 05:17
Xanadu server was on 5.7 for the longest time and after taking some time to upgrade all the mods and fix any deprecations we finally landed on 5.15 which I must say is a lot smoother with many new features to play around with.

Not to mention the performance improvements too.

iisu · by **iisu** » Sun Apr 19, 2026 15:54 Post

Nininik wrote: ↑
Fri Apr 17, 2026 22:23
Why do people even stay at old ahh versions, is they stupid?

iisu · by **iisu** » Sun Apr 19, 2026 16:04 Post

At least one server I'm aware of uses a custom fork and porting to 5.x would be a lot of work.

ArceusI wrote: ↑
Sat Apr 18, 2026 02:44
Yeah it's a thing good I was late to Luanti, so I'm fine with it just the way it is.

You're never late. Breaking changes happen and they will likely happen again.

Blockhead wrote: ↑
Sat Apr 18, 2026 00:12
plus other small things made some people think "it's just not the same game any more!"

Well, it's not Minetest anymore. :^)

ArceusI · by **ArceusI** » Sun Apr 19, 2026 23:35 Post

iisu wrote: ↑
Sun Apr 19, 2026 16:04
At least one server I'm aware of uses a custom fork and porting to 5.x would be a lot of work.

ArceusI wrote: ↑
Sat Apr 18, 2026 02:44
Yeah it's a thing good I was late to Luanti, so I'm fine with it just the way it is.
You're never late. Breaking changes happen and they will likely happen again.

Blockhead wrote: ↑
Sat Apr 18, 2026 00:12
plus other small things made some people think "it's just not the same game any more!"
Well, it's not Minetest anymore. :^)

For the first one: Yeah, the 5.15.0 graphical glitch was harsh, but at least that was corrected in 5.15.1 (This new update only patches a security vulnerability), but we have little idea what 5.16.0 will bring (& break).

Honestly, the application being called Luanti makes sense, as it uses LUA script files, and MineTest would've caused some confusion with Microsoft's Minecraft and potentially cause legal disputes.

MatyasP · by **MatyasP** » Mon Apr 20, 2026 18:32 Post

Nininik wrote: ↑
Fri Apr 17, 2026 22:23
Why do people even stay at old ahh versions, is they stupid?

For example, deprecation of games (for example, once after long time I play on my old worlds in 0.4.11 with files auth), deprecation of map generators...

ArceusI · by **ArceusI** » Thu Apr 23, 2026 15:47 Post

MatyasP wrote: ↑
Mon Apr 20, 2026 18:32

Nininik wrote: ↑
Fri Apr 17, 2026 22:23
Why do people even stay at old ahh versions, is they stupid?
For example, deprecation of games (for example, once after long time I play on my old worlds in 0.4.11 with files auth), deprecation of map generators...

Those are some plausible reasons. But as I said, there's multiple other reasons.

Luanti Forums