New filesystem project

Hi ToKu,

Thanks for testing, I’m glad it’s working for you!

The security improvements are a good question. I would start with path sanitization - in my filesystem almost all read and write operations go through the fs_generate_path function, so there is a central place to check for invalid or malicious paths. In the existing code there is a lot less consistency in how paths are created and validated, and I did find a couple of specific issues that could potentially be exploited by a malicious running VM. I don’t know if the ioq3 devs would prefer if I post the details here or send it to them privately so they could issue a patch first.

I would also say that the new filesystem is more secure in terms of how hard it is for a bad pk3 to mess up the game. Since the ID paks have automatic precedence a server can’t just download a pk3 to baseq3 that permanently overrides the VMs and other core files. There are still ways a pk3 can mess up the game, but they are more limited in practice than they were previously.

There are some download-related improvements as well, including the fs_saveto_dlfolder and fs_restrict_dlfolder options, and also validating the hash of files after they are downloaded to make sure they don’t match an existing file. That’s to help prevent a server from slipping in a spoofed version of a system pak or other important file.
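The central path check described in the post, sketched as an added example; this is not the poster's or ioquake3's code. `example_generate_path` and `component_ok` are hypothetical names, and the rejection rules are assumptions about what such a check would typically cover, not the specific issues the post alludes to.

```c
#include <stdio.h>
#include <string.h>
/* Check one caller-supplied component. Rejects empty segments (absolute paths,
   doubled slashes), "." and "..", backslashes, colons and control characters. */
static int component_ok(const char *s, int allow_subdirs)
{
    size_t i, start = 0, len = strlen(s);
    for (i = 0; i <= len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '\\' || c == ':' || (c != 0 && c < 32))
            return 0;
        if (c == '/' || c == 0) {
            size_t seg = i - start;
            if (seg == 0 || (c == '/' && !allow_subdirs))
                return 0;
            if (s[start] == '.' && (seg == 1 || (seg == 2 && s[start + 1] == '.')))
                return 0;
            start = i + 1;
        }
    }
    return 1;
}

/* Hypothetical central path builder (not ioquake3 code): every read and
   write would obtain its OS path here. Returns 1 on success, 0 if rejected. */
int example_generate_path(const char *base, const char *mod, const char *name,
                          char *out, size_t out_size)
{
    int n;
    if (out_size == 0)
        return 0;
    out[0] = '\0';
    if (!component_ok(mod, 0) || !component_ok(name, 1))
        return 0;
    n = snprintf(out, out_size, "%s/%s/%s", base, mod, name);
    if (n < 0 || (size_t)n >= out_size) { /* a truncated path names a different file */
        out[0] = '\0';
        return 0;
    }
    return 1;
}

int main(void)
{
    char buf[64]; /* constructed inputs; the base directory is made up */
    printf("%d\n", example_generate_path("/home/u/.q3a", "baseq3", "maps/q3dm1.bsp", buf, sizeof buf));
    printf("%d\n", example_generate_path("/home/u/.q3a", "baseq3", "../../.profile", buf, sizeof buf));
    return 0;
}
```

Because every caller gets its path from one function, a rule added here applies to all reads and writes at once, which is the consistency benefit the post describes.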