Admin Tools 4.0.2 Stable

Released on: 2016-10-25 09:02 CDT

Release highlights

MITIGATION FOR JOOMLA SECURITY ISSUE. Joomla 3.4.4 to 3.6.3 (inclusive) has a security vulnerability which allows unauthenticated users to register users with any user group except Super User. This is a high priority security issue which can be used to deface or thoroughly compromise affected sites. This version of Admin Tools includes a new WAF Blacklist rule which detects this kind of attack and stops it. If, for any reason, you cannot update immediately to Joomla! 3.6.4 or later please install Admin Tools 4.0.2 to protect your site.

Warnings on database corruption which can prevent Admin Tools from operating normally.

Added font files to the expiration optimization features of NignX and Htaccess Maker. Now font files will have an expiration time to the future, further optimizing repeated visits to your site.

.htaccess Maker: Remove default expiration time for HTML documents because it conflicts with back-end editing. Some servers would end up overriding Joomla's no cache headers when the "Set default expiration time to 1 hour" feature was enabled in the .htaccess Maker. This behaviour, compounded with a bug in Joomla (it uses the wrong HTTP redirection code) and a Joomla feature (which requires visiting a special URL before editing an item) could lead to inability to edit articles, modules, plugins etc in the back-end of your site until you logged out and back in again.

Bug fixes in the .htaccess Maker, nginx.conf Maker and web.config Maker. If you are using these features please regenerate your .htaccess, nginx.conf or web.config file with the new version of Admin Tools to apply the bug fixes on your site's configuration file.

Wrong default ordering in the Security Exceptions page. Now the entries are sorted from newest to oldest which makes much more sense.

Joomla! 3.4, 3.5 and 3.6 only

This version of Admin Tools will only work on Joomla 3.4 and later versions, including the brand new Joomla 3.6.

We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for older versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against the supported versions of Joomla! as stated above and found them to be working properly.

PHP 5.4.0 or any later 5.x/7.x version is required

Support for PHP 5.3 is discontinued. It's end of life since August 2014 and widely considered a security risk, unfit for production sites. Our software requires PHP 5.4 or later and is compatible with PHP 5.4, 5.5, 5.6 and 7.0. We strongly recommend using PHP 5.6 or 7.0.

We'd like to remind you that Joomla! 3.4 does NOT support PHP 7. PHP 7 is only supported by Joomla! 3.5.0 and later versions. Admin Tools will work perfectly fine (and very fast!) on a Joomla! 3.6 or later site running on PHP 7.0.

Changelog

Bug fixes

  • [HIGH] NginX Conf Maker generates invalid code for allowed PHP files
  • [HIGH] WAF Blacklist was incompatible with SEF URLs as it was being triggered onAfterInitialize instead of onAfterRoute
  • [LOW] Could not preview generated nginx.conf and web.config
  • [LOW] Fixed modal windows when graphs are not displayed in the Control Panel
  • [LOW] NginX Conf Maker and Web.config Maker claim they are not supported when they actually are
  • [LOW] NginX Conf Maker: “Optimise file handle cache” and “Optimise output buffering” options were mixed up
  • [LOW] Removed unused option in “Admin Tools Joomla! Update Email” system plugin
  • [LOW] The Security Exceptions page had the wrong default ordering
  • [LOW] The automatic redirection to HTTP when you're using the HSTS header in the .htaccess Maker would end up in an invalid URL on some servers with a bad configuration
  • [MEDIUM] Fixed custom HTML template used to display the block message
  • [MEDIUM] Web.config Maker: Block access from specific user agents feature causes a 500 Internal Server Error

New features

  • Added a Published field to the WAF Blacklist records, allowing you to enable/disable rules
  • Added font files to the expiration optimization features of NignX and Htaccess Maker
  • Added mitigation for user registration exploit in Joomla! 3.4.4 to 3.6.3 (inclusive). The mitigation rule is added in the WAF Blacklist feature.
  • Added warning if database updates are stuck due to table corruption

Miscellaneous changes

  • .htaccess Maker: Remove default expiration time for HTML documents because it conflicts with back-end editing

Release files

Admin Tools Core

pkg_admintools-4.0.2-core.zip

931.67 Kb

Joomla! 3.4 Joomla! 3.5 Joomla! 3.6 PHP 5.4 PHP 5.5 PHP 5.6 PHP 7.0

Download now