Released on: Friday, 20 March 2020 10:02
Automatic security check of the backup output directory.
We have detailed the security considerations for the backup output directory since 2007. Unfortunately, we still
see (very few) people run Akeeba Backup with a web-readable backup output directory which can be a security issue,
especially if you're using non-encrypted archives (JPA and ZIP). Starting with this version, Akeeba Backup will
evaluate the security of your backup output directory and offer to fix it for you. Moreover, you will automatically
[RANDOM] (a random, 16 alphanumeric character string) appended to the end of the backup archive's
name whenever Akeeba Backup is not entirely convinced about the security of your output directory and always for
Improved storage of temporary data and logs. We have removed the database storage option for temporary data stored while the backup is in progress. That was a leftover from the early days of the software back in 2007 to 2009. The server landscape has changed, making this option irrelevant. Furthermore, the log file and the “memory file” used by Akeeba Backup now has a .php extension and starts with a die statement, making it inaccessible from the web even if your backup output directory doesn't follow our security best practices. This significantly increases the security of your backup software installation even on the rare servers where the automatic security check (see above) can't make the directory inaccessible over the web.
Bug fixes and miscellaneous improvements. We regularly make changes to our backup software to address known issues and improve existing features with small tweaks that don't get an explicit mention in these release notes. Please consult the changelog below.
We only officially support the latest stable branch of Joomla!. At the time of this writing it is Joomla! 3.9.
Our software should still run on Joomla! 3.8. That version are not actively supported by us or the Joomla! project anymore. We strongly advise you to run the latest available version of Joomla! for security reasons. Older versions of Joomla! have known major security issues which are being actively exploited to hack sites.
We only officially support using our software with PHP 5.6, 7.2, 7.3 or 7.4.
Our software should still run on PHP 7.0 and 7.1 but we are no longer testing our software with this PHP version or consider it a supported environment for our software.
We strongly advise you to run either of the two latest available version branches of PHP on a branch currently maintained by the PHP project for security and performance reasons. Older versions of PHP have known major security issues which are being actively exploited to hack sites and they have stopped receiving security updates, leaving you exposed to these issues. Moreover, they are slower, therefore consuming more server resources to perform the same tasks.
Kindly note that our policy is to officially support only the PHP versions which are not yet End Of Life per the official PHP project with a voluntarily extension of support for 6 to 9 months after they become End of Life. After that time we stop providing any support for these obsolete versions of PHP without any further notice. New version branches of PHP will be supported experimentally starting sometime during their Release Candidate phase and fully about 4 to 8 weeks after the first stable version of that branch is released.