Patched and counting.
v2.9.3 is two fixes that don’t touch gameplay at all, but both matter more than most feature releases do.
Today is the first day BREACH.MMO has ever successfully persisted server-side analytics
events to the database. We shipped the game with a registration bug in the analytics
pipeline that silently dropped every event since launch. It’s fixed now.
-
Analytics pipeline fix — The Bull queue processor in
AnalyticsQueuewas never registered. Every server-side event (trial.start,trial.mission.completed,checkout.complete, all of them) was being queued and then silently dropped. 110 backlogged events were persisted on deploy; all future events are now writing to Postgres. -
CVE remediation — Patched 6 critical and 10 high severity
vulnerabilities identified by Dependabot. Key packages updated:
ws(WebSocket DoS),axios(proxy bypass + credential leak),vitest(path traversal in test runner),form-data(CRLF injection). Zero critical CVEs remain in server-side dependencies.
Neither of these was visible to players. The analytics bug meant we were navigating blind — making product decisions without data. That’s over now. The CVEs were in dev/server-side dependencies with no direct player exposure, but they’re cleaned up regardless.
The game is pay-what-you-can and open source. play.multiversestudios.xyz/breach/