Admin Tools 3.6.6 Stable

Released on: 2015-12-16 03:42 CST

Security advisory for Joomla! 3

The Joomla! project announced the immediate availability of version 3.4.6 which fixes a very high priority security issue. This issue has been discovered by different independent security researchers and affects all Joomla! versions from 1.5 onwards. However, the official patch to address this issue is only available for Joomla! 3.4. Unofficial patches exist for 1.5 and 2.5 but not for older 3.x versions.

This version of Admin Tools contains all the necessary mitigation measures against this security issue. If unsure, run our Quick Setup Wizard and accept the default values to enable all the Web Application Firewall features necessary. We STRONGLY advise you to enable the SQLiShield and MUAShield features to successfully mitigate the two known major security issues which were discovered in Joomla! in the second half of 2015.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will exceptionally run on Joomla! 3.0, 3.1, 3.2, 3.3 and 3.4 to mitigate the aforementioned Joomla! security issue.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] Wrong display rendering of file diffs
  • [HIGH] You couldn't configure WAF under Joomla! 3.0 and 3.1 without setting the "Long Configure WAF page" option to Yes
  • [LOW] Notice thrown by the auto-update CLI script
  • [LOW] Some .htaccess Maker options were not compatible with the *!!OLD, INSECURE, DO NOT USE!!* Apache 1.3 version family
  • [LOW] The Quick Setup Wizard button was shown in the Core edition by accident
  • [MEDIUM] The administrator URL parameter wasn't saved by the Quick Setup Wizard

New features

  • Inform the user if he needs to supply the Download ID

Critical bugs and important changes

  • Detection and neutralization of the high priority Joomla! security issue 20151201, ref https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html

Release files

Admin Tools Core

com_admintools-3.6.6-core.zip

1.34 Mb

PHP 5.3 PHP 5.4 PHP 5.5 PHP 5.6 Joomla! 3.0 Joomla! 3.1 Joomla! 3.2 Joomla! 3.3 Joomla! 3.4

Download now