Download Our Latest Software

Admin Tools

version 4.3.1 Stable

Released on: Monday, 02 October 2017 10:39

Release highlights

Server configuration makers now support WOFF2 in the expiration time feature. If you are using the .htaccess Maker, Nginx Conf Maker or web.config Maker with the expiration time feature you will see that support for WOFF2 font files, the modern format used by newer CSS frameworks, is now added. You will need to regenerate the configuration file for this to take effect.

Support for Joomla's task=viewName.taskName notation in the WAF Exceptions feature. Joomla! components using the core MVC may use the notation task=viewName.taskName instead of view=viewName&task=taskname. Due to the way Joomla! works under the hood, either could be used to get to the same page. This made writing WAF Exceptions targeting these components tricky. Now we automatically handle these tricky situations without you having to write additional WAF Exception rules. You're welcome!

Clicking on "Reload update information" will fix Joomla! erroneously reporting an update is available when you have the latest version installed. As you know, all of our Joomla! software is using Joomla's extension update feature for updates. We have no control over it. Unfortunately, sometimes Joomla! drops the ball, like persistently reporting that an update is available even though you have literally just installed the latest version. If that happens click on the Reload Update Information button in the component and we will try to beat Joomla! into submission.

Added warning if HHVM is used instead of PHP. We have seen that many hosts let you pick or silently use HHVM instead of PHP. HHVM is a different language which is mostly, but not completely, compatible with PHP. The differences cause issues in Joomla! itself as well as our software due to no fault of the developer. In fact, HHVM is optimized for use with a different language called Hack. If Admin Tools detects that you are using HHVM it will warn you and ask you to switch to PHP 7. PHP 7 is faster than HHVM and compatible with all modern versions of Joomla! (3.6 onwards) and, of course, our software.

You can now define the timezone used when sending emails with security advice. Up until now all emails were sent in the GMT timezone. This was on purpose, since the effective Joomla! timezone could be different depending on who is logged in. We thought that should people get confused with GMT they could always look at the time the email was sent which is always displayed by your mail client in your local timezone. Apparently the people who get confused with GMT don't think about looking at their email client's header line. Well, OK then, we now let you specify a timezone for all emails with security information sent be Admin Tools. It no longer has to be GMT!

WAF Blacklist rules can now apply in just the frontend of your site (default), just the backend or both. This lets you create patterns which will result in security exceptions even in the backend (administrator) of the site. Useful when you have software written by misguided developers who use an /administrator URL for public callbacks such as the return URL for credit card payments.

Added Console Warning feature (inform the user to prevent Self XSS). We have noticed that more and more people blindly follow instructions by random, non-vetted people on the Internet to solve problems or optimize their sites. This blind, implicit trust has led to a new threat: a legitimate looking blog or forum post which tells you to open the JavaScript console on your browser and type something. In many cases this is a sinister trick which causes your site to send privileged information to an attacker, or causes a redirection to a phishing (malicious information gathering) page under the attacker control. This is a form of self-inflicted cross-site scripting or Self XSS for short. Admin Tools will now print out a warning in your browser's JavaScript console to prevent you from falling prey to that. You can always disable this feature in the Configure WAF page.

Updates now use HTTPS for everything, both the update information and the update ZIP file. We are ramping up the security of the software update delivery by making all update information and the update ZIP file itself be always delivered over HTTPS.

The Rescue URL was not working. We introduced the Rescue URL feature in the previous version to let you unblock yourself easily. Unfortunately, the testing only covered half of the feature (sending the email information) but not the actual Rescue feature itself. Therefore a bug slipped through rendering the feature inopearable. We fixed the bug and updated our tests to ensure that something like that will not happen again.

Joomla! 3.4, 3.5, 3.6, 3.7 and 3.8 only

This version of Admin Tools will only work on Joomla 3.4 and later versions (3.5, 3.6, 3.7 and 3.8). Please note that support for Joomla! 3.4 and 3.5 may be removed in the next release.

We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for older versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against the supported versions of Joomla! as stated above and found them to be working properly.

PHP 5.4.0 or a later version is required

Support for PHP 5.3 is discontinued. It's end of life since August 2014 and widely considered a security risk, unfit for production sites. Our software requires PHP 5.4 or later and is compatible with PHP 5.4, 5.5, 5.6, 7.0 and 7.1. At the time of this writing PHP 7.2 is still a release candidate and we cannot guarantee official support for it Please note that as of January 2017 PHP 5.6 has entered the long term support phase: bugs are NOT fixed, only major security issues will be fixed. Therefore we strongly recommend using PHP 7.1.

We'd like to remind you that Joomla! 3.4 does NOT support PHP 7. PHP 7 is only supported by Joomla! 3.5.0 and later versions. Admin Tools will work perfectly fine (and very fast!) on a Joomla! 3.6 or later site running on PHP 7.1.

Changelog

Bug fixes

  • [LOW] Fixed blocking a specific task with WAF Blacklist feature
  • [LOW] Removed debug message when system plugin file is renamed
  • [MEDIUM] Rescue URL feature was not working
  • [MEDIUM] Use of TraceEnable in .htaccess would always lead to 500 error. Now using a Rewrite rule instead.

New features

  • .htaccess / nginx.conf Maker: add support for WOFF2 in expiration time feature
  • Added Console Warning feature (inform the user to prevent Self XSS) (gh-136)
  • Added warning if HHVM is used instead of PHP
  • Clicking on "Reload update information" will fix Joomla! erroneously reporting an update is available when you have the latest version installed
  • Support for Joomla's task=viewName.taskName notation in the WAF Exceptions feature (gh-137)
  • WAF Blacklist rules can now apply in just the frontend of your site (default), just the backend or both (gh-138).
  • You can now define the timezone used when sending emails with security advice (gh-139)

Miscellaneous changes

  • Updates now use HTTPS URLs for both the XML update stream and the package download itself

Removed features

  • Removed unused Options