Release highlights
.htaccess and NginX Conf Maker improvements. We have added nearly two dozen new protection and site
optimisation options in these two features. Please read the updated documentation and regenerate your .htaccess and
NginX .conf files.
Improved PHP File Scanner. The threat scores are calculated more realistically now.
Joomla! 3 only
Our software now only supports the latest stable version of Joomla! available. At the time of this writing it is
3.4.1. Using older versions is NOT recommended for security reasons.
PHP 5.3.4 or later 5.x version is required
This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5
or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning
in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since
our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.
Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well,
it's a long story. TL;DR: It doesn't have to make sense, just accept it.
Changelog
Bug fixes
- [LOW] Geographic Blocking page: select all / none not working (leftover mooTools code)
- [LOW] Master Password page: select all / none not working (leftover mooTools code)
- [LOW] NginX Maker: The Preview button didn't work
New features
- .htaccess Maker & NginX Conf Maker: "Do not display in IFrame" option for HTTPS site
- .htaccess Maker & NginX Conf Maker: "Enable CORS (Cross Origin Request Sharing)" option
- .htaccess Maker & NginX Conf Maker: "Forbid TRACE and TRACK" option
- .htaccess Maker & NginX Conf Maker: "Protect against clickjacking" option
- .htaccess Maker: "Set the UTF-8 character set as the default" option
- .htaccess Maker: Choose how to send ETags (or whether not to send them at all)
- .htaccess Maker: Force GZip compression for mangled Accept-Encoding headers
- .htaccess Maker: Prevent content transformation
- .htaccess Maker: Protection against third party settings modification and .htaccess file regeneration
- .htaccess Maker: Reduce MIME type security risks
- .htaccess Maker: Reflected XSS prevention
- .htaccess Maker: Remove Apache and PHP version signature
- .htaccess Maker: Will not allow you to add php as an allowed extension for the front-end and back-end protection as that nullifies the protection!
- .htaccess Maker: apply expiration headers also to .ogg files
- Add UTF-8 Multibyte (e.g. Emoji) support with the Database Collation feature!
- NginX Maker: Allows you to set up more complex fastcgi pass-throughs
- NginX Maker: Enable or disable ETags
- NginX Maker: Prevent content transformation
- NginX Maker: Protection against third party settings modification and nginx.conf file regeneration
- NginX Maker: Reduce MIME type security risks
- NginX Maker: Reflected XSS prevention
- NginX Maker: Will not allow you to add php as an allowed extension for the front-end and back-end protection as that nullifies the protection!
- You can now disable automatically reordering the Admin Tools system plugin
- [HIGH] NginX Maker: Front-end protection could lead to an infinite redirection loop with SEF URLs on multi-language sites
- [LOW] NginX Maker: The "No directory indexes" option could cause problems with SEF URLs on multi-language sites
Miscellaneous changes
- The PHP File Scanner was updated. The threat scores are now more realistically calculated.