Sorry to necropost but it's better than creating a separate topic.
Rather embarrassingly, it seems like a
serious security issue with the server-sent plugin slipped by me when I reviewed the 2016-08-17 update to gg2i and all later versions. As you may know, the server-sent plugin approval process exists specifically to avoid security issues…
https://youtu.be/1Q-U2THOF00I doubt WoodNeck had any malicious intentions, nor do I think WoodNeck ever exploited this, but I don't know for sure. The summary is that the plugin contains a (probably unintentional)
backdoor in the
plugin.gml file: it downloads a ZIP and extracts it to a temporary directory, and then calls
execute_file() for files in that same directory. I think it's just intending to execute the GML files that came with the plugin, but a maliciously-crafted ZIP could overwrite those GML files with ones I haven't reviewed and which can do, in principle, anything.
As a result, I will remove all versions of
gg2i from the plugins repository. The first versions of the plugin didn't have this issue but I suppose there's no point keeping them.
Please delete all copies of gg2i from your local ServerPluginsCache directory as well.Sorry everyone.

I know this plugin is basically dead now so it's only of historical interest, thankfully, but I really should have caught this.
