Akeeba Admin Tools PRO

Akeeba Admin Tools PRO 7.6.2

No permission to download

New features​

  • Accurate PHP CLI path in the PHP File Change Scanner Scheduling page
  • Added support for multiple email addresses inside WAF configuration
  • Automatically delete Temporary Super Users no longer linked to Joomla users
  • Backend management tables multiple row select and column hiding support
  • Password hashing algorithm selection for password-protect admin folder
  • Workaround for Joomla! 5.2 broken mail template layout

Bug fixes​

  • [LOW] Do not produce a fatal error if we get an error while saving IP address on new user registration
  • [LOW] In some specific circumstances, WAF exceptions were not correctly applied

Miscellaneous changes​

  • Updated list of forbidden usernames
  • Updated list of user agents to block

v7.6.1​

  • Fixed [HIGH] Possible PHP error whilst logging a blocked request

v7.6.0​

  • Added Reset Joomla! Update feature from the backend, the CLI, or a Scheduled Task
  • Changed PHP File Change Scanner will now strip comments before evaluating the Threat Score
  • Changed Support for Joomla! 5.1's createQuery method in the db object
  • Changed Workaround for PRE element styling in Joomla! 5.1
  • Changed Workaround for Joomla! 5.1 CSS in alert DIVs
  • Changed Possible Threat files do not count towards modified files
  • Changed Rewritten WAF request block to better handle concurrent attacks
  • Changed PHP 8.4 compatibility: MD5 and SHA-1 functions are deprecated

New features​

  • Components sidebar menu item to open the appropriate server config maker for your site
  • Improved support for Joomla! 5.1's backend colour schemes
  • You can now choose the action for an invalid administrator secret URL parameter

Miscellaneous changes​

  • Re-arrange order of execution to process IP blocks before request blocking features
  • Remove Itemid from Suspicious Core Parameters, it has its own feature (ItemidShield)

What's new?​

Allow empty Itemid even when Suspicious Core Parameters feature is enabled. Joomla no longer recommends using an empty menu item ID in the URL, i.e. Itemid=. Despite that, it will still parse it as though you are using the home menu item ID. In previous versions of Admin Tools, the Suspicious Core Parameters feature would block requests with an empty Itemid, but a lot of third party software still does that since it does not otherwise cause an obvious problem in Joomla!. In the interest of making everyone's life easier, Admin Tools will now allow explicitly allow Itemid= and Itemid=0 in requests, even though it's discouraged by Joomla! itself.
Bug fixes and minor improvements. Please take a look at the CHANGELOG below.

Changelog​

Bug fixes​

  • [MEDIUM] Joomla does not return the plugin ID when it's disabled, leading to broken links in the UI
  • [MEDIUM] Server configuration maker: Fixed fatal error when web servers different than Apache are used

Miscellaneous changes​

  • Allow empty Itemid even when Suspicious Core Parameters feature is enabled
v7.5.2
  • Important Joomla-recommended .htaccess code was breaking the site
v7.5.1
  • Important Detecting PHP handlers can break if there is no .htaccess file yet
  • Important Error in version.php breaks the control panel interface
v7.5.0
  • Added Improved support for Joomla! 5.1 dark mode
  • Added Detect and import PHP version directives into the .htaccess Maker
  • Changed Reintroduce old value format workarounds for people being late to upgrading from Joomla! 3.x
  • Fixed [LOW] Admin Tools Core showed an (unsupported) URL Redirection menu item
  • Fixed [LOW] Some numeric Configure WAF options did not have their limits enforced
  • Fixed [LOW] Double Gzip/Brotli compression for some core Joomla! files when both compression algorithms are supported
- Added Optional description field on “Never block these IPs” and “Never blocked domains”
- Fixed [MEDIUM] Suspicious Core Parameter always applied the cmd filter, leading to false positives
  • Added more options to the not log and not email for the reasons options
  • Like
Reactions: drum

What's new?​

WAF Exceptions now work with the Block Suspicious URL Parameters feature. Since this feature is likely to cause false positives on misbehaving extensions, we changed our WAF Exceptions feature to also override the Block Suspicious URL Parameters when an exception is matched.

Even better workaround for the Joomla! Database Maintenance page bug. The Database page in Joomla incorrectly claimed that Admin Tools' database tables where out of date, even though they were not. Even though we had removed the old update file Joomla! was tripping itself over, Joomla! would of course not remove it on upgrade (because Joomla; it doesn't make sense, it's how it works). We are now attacking this problem with a one-two punch. First, we have put back the file, but empty, so that Joomla! does not trip over it. Moreover, we have added post-update code to delete that very same file, doing what Joomla! would not do by itself. In case one workaround fails, the other will most likely work and rid you of this annoying problem.

Updated environment stats collection code. We base our decisions on how long to support End of Life PHP and Joomla! versions based on the anonymous, aggregate environment statistics we collect (the versions of our software, PHP, Joomla!, and database server you are using). We have updated the code which collects this information, modernising the “temporary solution” we had for the past ten years. Please remember that this feature is opt-out. If you want, you can always disable the collection of stats in the component's Options. We kindly ask you to leave it enabled; it's anonymous, and help us make better decisions about how long we support obsolete software. If you disable it, please don't complain that we stopped supporting an obsolete version you're still using since you literally chose to not count (we're stating this in the absolutely literal sense: disabling stats collection means your site is not in the aggregate count data we look into when making these decisions!).

Bug fixes and minor improvements. Please take a look at the CHANGELOG below.

Changelog​

Critical bugs and important changes​

  • CSS compilation error
  • Like
Reactions: drum

New features​

  • Block Suspicious Core Parameters feature

Bug fixes​

  • [HIGH] The “Add persistent offenders to the IP Disallow List” did not work due to a typo
  • [LOW] Missing language string
  • [LOW] Missing translations when using Joomla Scheduled Tasks
  • [LOW] PHP 8.3 deprecated notice in ComponentParameters service (no functional issue)
  • [LOW] PHP deprecated notice about implicit float to integer conversion on PHP File Change Scanner (no functional issue)
  • [LOW] The additional context of blocked requests was not shown in the Blocked Requests Log page

Miscellaneous changes​

  • Move Unblock My IP into Security when not showing the Graphs panel to balance the display
  • The reason in emails reporting a blocked IP was always reported as blocked IP which wasn't useful
  • Workaround for the Joomla! bug making it erroneously claim in the Maintenance: Database page that Admin Tools' database tables are not up-to-date when they actually are.

New features​

  • Support bCrypt encryption for Administrator Password Protection on Apache 2.4+

Bug fixes​

  • [HIGH] NginX Conf Maker: Backend protection would make backend unavailable in newer NginX versions
  • [LOW] HSTS option UI wouldn't let you turn it off
  • [LOW] Htaccess Maker: Fixed PHP notices when a particular combination of options was used
  • [LOW] URL Redirections appears in the Core version, even though it won't do anything; removed
Top