New cvars point to what was fixed:
sv_max_dropped_packets_to_process : 10 : : Max dropped packets to process. Lower settings prevent lagged players from simulating too far in the past. Setting of 0 disables cap.
Fixes timeshift hack
sv_max_usercmd_move_magnitude : 1000 : , "sv" : Maximum move magnitude that can be requested by client.
Fixes players moving too fast (most of the time due to accumulating movement from lagging)
sv_quota_stringcmdspersecond : 40 : : How many string commands per second clients are allowed to submit, 0 to disallow all string commands
Fixes a DoS attack
sv_signon_dos_disconnect : 20 : : Number of extra signon state confirmations required to disconnect a misbehaving client.
Fixes another DoS attack
They also changed tf_autobalance_dead_candidates_maxtime from 20 seconds to 15 seconds, which means it will wait 5 seconds less for people to die before forcibly switching autobalance candidates.
Twiggy: so what's a screen overlay?
A screen overlay is a texture that is put on your whole screen. Think jarate or afterburn. This command was used by server mods to do some screen effects, but some of them tried to clear the screen using 0, which didn't do anything, instead of using off. Now, 0 also works, so the mods don't have to be updated to properly clear the screen.
They also added some GDPR stuff to the protocol and added more rate limits internally (to prevent DoS attacks).