Better message when Allowed Domains kicks in to help you figure out what went wrong and how to fix it. In the past you would receive a generic HTTP 400 error page which was short enough that most browsers would replace with their own error page which was supremely unhelpful in understanding why you cannot access your site. You will now get a much longer page which explains which Admin Tools feature kicked in and what you need to do to fix the problem.
Automatically allow TinyMCE plugins when “Disable client-side risky behavior in frontend static content” is enabled. This feature automatically blocks all inline scripts in static content, including .html files, the idea being that any HTML content with executable code should only ever be generated by Joomla itself. However, TinyMCE plugins — that is, plugins to Joomla's default WYSIWYG text editor — use plain .html files with inline code. These are now allowed by default. You will need to regenerate your .htaccess, NginX configuration or web.config file using the respective Admin Tools feature to enable this behavior; don't worry, Admin Tools will remind you next time you visit its page.
Improved handling of empty multi-selection fields in the Configure WAF page. There is a disparity in how you can tell a Joomla form about the default value of a multiselect field (a comma separated string) and how it actually needs this data to understand it (as a PHP array), leading to confusion about what the default options really are. We have worked around this Joomla limitation so what you see on the Configure WAF page is what you get during the execution of the code.
Bug fixes and miscellaneous changes. Please read the CHANGELOG below.
This version only runs on Joomla 4.
Please consult our Compatibility page. It explains our version support policy and lists which versions of our software are compatible with which versions of Joomla and PHP.