Akeeba Backup for Joomla! 4.5.0 Stable

Released on: 2015-12-18 05:23 CST

Release highlights

IMPORTANT! Behaviour change. All remote backup features (front-end URL, JSON API) will be automatically disabled if you are using a Secret Word that's not strong enough. This is done to protect your against brute forcing of the Secret Word which could allow attackers to take and download backups of your sites. Please read our release announcement for more information.

Integrated updater to be optionally used instead of Joomla!'s own extensions updater. Please note that under Joomla! 1.6, 1.7, 2.5, 3.0 and 3.1 you do not have a choice: you will use the integrated updater instead of Joomla!'s. If you try using Joomla!'s extensions updater under these old versions of Joomla! to update Akeeba Backup Professional you will get an error.

Extended Joomla! and PHP support. We now support Joomla! 1.6, 1.7, 2.5, 3.0, 3.1, 3.2, 3.3, 3.4 and 3.5 running on PHP 5.3.03 or later including PHP 5.4, 5.5, 5.6 and 7.0. Please note that not all versions of Joomla! run on all versions of PHP. Furthermore, we do NOT support PHP 5.2 even though older versions of Joomla! may run on it. If unsure please check our Compatibility page.

Text log in ALICE, the log analyzer. You can paste that text when you are requesting support to help us help you more efficiently.

Automatically run ALICE if an error occurs (only applies to backups taken from the interactive web interface).

Support for Amazon S3's Standard- Infrequent Access storage type (Professional versions only)

More stable Site Transfer Wizard thanks to improved transfer chunk size calculations

Security update #1 (low importance issue). Someone who already knows your Secret Word can store XSS in the database if the remote backup is enabled and you're not using the security enhanced .htaccess file (discovered by NCC Group). Low importance because this security issue requires the attacker to already know your Secret Word. However, if they have it they can already take and download backups of your site, exposing you to much higher and immediate risk. Therefore we consider it a low importance issue: it requires your site to essentially be already compromised.

Security update #2 (low importance issue). Open redirection in back-end backups (discovered by Calum Hutton, NCC Group). This only works if you are able to run an automatic backup while already logged in to your site's back-end as a Super User. Furthermore, this requires that the attacker knows the session token. As a result, the only way to exploit this is by using a malicious Joomla! extension running on your site while you are logged in as a Super User. In this case the malicious extension has already fully compromised your site BEFORE it can exploit this security issue. Therefore we consider it a low importance issue: it requires your site to be already fully compromised.

Joomla! 1.6 or later

This is not a typo! After considering the vast amount of changes in third party services Akeeba Backup integrates with (such as Dropbox and Amazon S3) we decided to reinstate compatibility with Joomla! 1.6, 1.7, 2.5, 3.0, 3.1, 3.2, 3.3 and also support the current Joomla! version 3.4 and the upcoming 3.5.

PHP 5.3.3 or later 5.x version is required

The minimum required PHP version is 5.3.03. All versions of PHP from 5.3.03 onwards are supported, including 5.4, 5.5, 5.6 and the just released PHP 7.0. The component will not work on PHP 5.2 or earlier and will, in fact, refuse to install on it. We'd like to remind you that Joomla! 3.4 and earlier does NOT support PHP 7. Joomla! 3.5 (currently in beta) does support PHP 7. Akeeba Backup will work just fine in a Joomla! 3.5 site running on PHP 7.0.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] ANGIE for Drupal: Fixed endless loop while trying to read the configuration
  • [LOW] ANGIE for Wordpress: Fixed missing email address in site setup
  • [LOW] ANGIE for Wordpress: Fixed missing version number
  • [LOW] Low encoding of media folder permissions check could show an erroneous message on some sites (thanks Angel!)
  • [LOW] Notice thrown by the auto-update CLI script
  • [LOW] Open redirection in back-end backups (discovered by Calum Hutton, NCC Group)
  • [LOW] Site Transfer Wizard, bad performance of the test FTP/SFTP servers could lead to an instant error when accessing this feature
  • [LOW] Someone who already knows your Secret Word can store XSS in the database if the remote backup is enabled and you're not using Joomla!'s or Admin Tools' .htaccess file (discovered by Calum Hutton, NCC Group)

New features

  • Added textual output to ALICE so it could be included in support tickets
  • Automatically run ALICE if an error occurs during the last domain of a backup
  • Integrated updater (optional for Joomla! 3.2+, mandatory for Joomla! 1.x/2.x/3.0/3.1)
  • Support for Amazon S3's Standard- Infrequent Access storage type

Miscellaneous changes

  • More stable Site Transfer Wizard thanks to improved transfer chunk size calculations
  • Now compatible with Joomla! 1.7, 2.5, 3.0, 3.1, 3.2, 3.3, 3.4 and 3.5 running on PHP 5.3.03+, 5.4, 5.5 and 5.6.

Critical bugs and important changes

  • Front-end and remote backup features will be DISABLED if we detect an insecure Secret Word

Release files

Akeeba Backup Core

com_akeeba-4.5.0-core.zip

2.50 Mb

Joomla! 1.6 Joomla! 1.7 Joomla! 2.5 Joomla! 3.0 Joomla! 3.1 Joomla! 3.2 Joomla! 3.5 PHP 5.3 PHP 5.4 PHP 5.5 Joomla! 3.3 Joomla! 3.4 PHP 5.6 PHP 7.0

Download now