This means that if you host a server with custom files (maps, models, etc.), you need to setup a fastdl server (sv_downloadurl). If you don't have a fastdl server, no client will be able to join, unless he sets his allowupload back to 1.
Does anybody know why this has been done? The changelog implies a security issue, but I see no reason why a simple whitelist on the client side shouldn't do the trick, as this was always the case.
Or was this update aimed only at server side and the change on the client side was just a unintended side-effect?
Oh, I thought whether or not the client would be able to download files from
the server would be handled by cl_allowdownload, not sv_ one since it's
meant for server variables. As cl_allowdownload was still 1 thought it'd
But I hope the value for clients get's changed back to 1, since this messes
up the custom sprays plugin my community uses as I can't send stuff to
clients mid game anymore :(