YuPay Release Notes · v1.2.2.0-SNAPSHOT
Callback Server Upgrade
The built-in HTTP callback server has been switched from the JDK's com.sun.net.httpserver to Undertow 2.3.18.Final.
Undertow is a production‑grade HTTP server from the JBoss/WildFly project, widely used in enterprise Java applications. For plugin users, the most noticeable changes are:
- Callback notifications are no longer queued or blocked when the server is busy – responses to WeChat Pay / Alipay notifications become more timely.
- A request body size limit (default 64 KB) is added; abnormal requests are rejected directly, saving server resources.
- An optional IP whitelist is added – when configured, only requests from the official WeChat/Alipay servers can reach the callback endpoint.
- When the plugin stops, the callback server waits for in‑flight requests to finish before shutting down, so ongoing order confirmations are not interrupted.
First Launch Instructions
Undertow and its dependencies are not bundled inside the plugin JAR. They will be automatically downloaded from Maven Central and cached in plugins/YuPay/libs/ when the server starts for the first time.
On first launch you will see log messages similar to the following – this is normal:
[LibraryLoader] Downloading: undertow-core-2.3.18.Final.jar ← https://repo1.maven.org/maven2/...
[LibraryLoader] ✓ Download completed: undertow-core-2.3.18.Final.jar (xxx KB)
[LibraryLoader] ✓ Verification passed (newly downloaded): undertow-core-2.3.18.Final.jar
After the download completes, subsequent startups use the cached files without requiring an internet connection.
Note: The server must be able to access repo1.maven.org on first launch. Please ensure network connectivity.
New Configuration Options in config.yml
The following optional fields have been added under the existing callback: node. If omitted, the default values (shown in parentheses) will be used:
callback:
  port: 8080
  host: "0.0.0.0"
  # Threading model
  io-threads: 2 # Number of IO threads – recommended not to exceed CPU cores (default 2)
  worker-threads: 8 # Number of worker threads for business processing (default 8)
  # Timeouts (milliseconds)
  read-timeout-ms: 10000
  write-timeout-ms: 10000
  # Security
  max-body-size: 65536 # Maximum request body size in bytes (default 64 KB)
  allowed-ips: [] # IP whitelist – leave empty to disable
  # Debugging
  access-log: false # When enabled, logs every callback to the console
  # Shutdown behavior
  shutdown-grace-ms: 3000 # Grace period for graceful shutdown (milliseconds)
Old configuration files do not need to be modified manually. Any unspecified fields will fall back to the defaults, and the plugin can be updated without issues.
Other Fixes
- Fixed an issue where cumulative sponsorship tier records were not saved when using SQLite. The original code used MySQL‑specific ON DUPLICATE KEY UPDATE syntax, which caused errors on SQLite and resulted in lost tier records. The plugin now automatically selects the correct syntax based on the database type.
- Fixed a missing app_id consistency check for Alipay callbacks. The plugin now verifies that the app_id in the callback matches the one configured.
- Added a timestamp-based replay protection check for WeChat Pay callbacks. Callbacks with a timestamp older than 5 minutes are rejected.
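The two callback checks described above, written out as an added example that is not YuPay's own code. It assumes the WeChat Pay timestamp arrives as epoch seconds (as in the Wechatpay-Timestamp header of API v3); the class name, method names and sample values are hypothetical.

```java
import java.util.Map;

public class CallbackChecks {
    // Five-minute window from the release note, in seconds.
    static final long MAX_AGE_SECONDS = 5 * 60;

    /** WeChat Pay: accept a timestamp (epoch seconds) only inside the window. */
    static boolean isFresh(String timestampHeader, long nowEpochSeconds) {
        if (timestampHeader == null) {
            return false; // header missing: reject
        }
        long ts;
        try {
            ts = Long.parseLong(timestampHeader.trim());
        } catch (NumberFormatException e) {
            return false; // malformed value: reject rather than guess
        }
        // Rejecting timestamps too far in the future as well is an addition
        // made in this example; the release note only mentions old ones.
        return ts >= nowEpochSeconds - MAX_AGE_SECONDS
            && ts <= nowEpochSeconds + MAX_AGE_SECONDS;
    }

    /** Alipay: the app_id in the notification must equal the configured one. */
    static boolean appIdMatches(Map<String, String> params, String configuredAppId) {
        String received = params.get("app_id");
        return received != null
            && configuredAppId != null
            && !configuredAppId.isEmpty()
            && received.equals(configuredAppId);
    }

    public static void main(String[] args) {
        // Constructed sample values, not real callbacks or real app ids.
        long now = 1_700_000_000L;
        String configured = "2021000000000001";
        Map<String, String> ownApp = Map.of("app_id", "2021000000000001");
        Map<String, String> otherApp = Map.of("app_id", "2021000000000002");

        System.out.println("100 s old:     " + isFresh("1699999900", now));
        System.out.println("1000 s old:    " + isFresh("1699999000", now));
        System.out.println("malformed:     " + isFresh("yesterday", now));
        System.out.println("own app_id:    " + appIdMatches(ownApp, configured));
        System.out.println("other app_id:  " + appIdMatches(otherApp, configured));
        System.out.println("no app_id:     " + appIdMatches(Map.of(), configured));
    }
}
```

Checks like these belong after signature verification: in WeChat Pay API v3 the timestamp is part of the signed message, so a timestamp that has not been verified proves nothing about freshness.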
If you encounter any issues after the upgrade, please feel free to join our QQ group 1080918424 for feedback.