As most of you already know, the Joomla! project has announced the imminent availability of a very important security hotfix on October 22nd, 2015. This high priority security issue affects certain Joomla! 3 versions but will only be available for Joomla! 3.4. This leaves users of older, unsupported versions of Joomla! (e.g. Joomla! 3.3) exposed to this vulnerability. In the interest of making everyone safe we have released a new version of Admin Tools which mitigates the vulnerability in all Joomla! 3.x versions.
How to protect your site
Download Admin Tools Professional and install it on your site. There will be a red message at the top of your site asking you to run the Quick Setup Wizard. Click the link and accept the default settings.
If you do not have a subscription that includes Admin Tools Professional you can purchase a new Admin Tools subscription with 30% discount by using the coupon code SKYFALL [1].
Who needs to install this version
As a rule of thumb, all users of Joomla! 3 need to install this update.
Please note that older versions of Admin Tools had a bug which could allow a hacker to work around the Web Application Firewall and exploit the vulnerability in Joomla. The possibility of launching a successful attack depended on many factors including the tools used, knowledge of certain privileged information about your site and even your site’s template. While remote, this bug could leave you exposed so we fixed it with extreme prejudice.
Can I expect support for my old Joomla! 3.0 / 3.1 / 3.2 / 3.3 site?
It depends. We offer full support for Joomla! 3.4. Older versions of Joomla! receive limited support. This means that we can help you with: using the software; figuring out exceptions or other configuration options necessary to run it on your site without conflicts; clarifying the documentation. We cannot always help you with: new feature requests; bug fixes. The latter are subject to our policies of supporting older Joomla! and PHP versions. While we are doing our best, we can only promise to work towards full compatibility and trouble free operation of all features with the latest Joomla! release only.
How safe is running Admin Tools on my old Joomla! 3.0 / 3.1 / 3.2 / 3.3 site?
Old Joomla! versions are always presenting a security risk. For example, Joomla! 3.0 was released more than four years ago. This is a very long time ago. Hundreds of bugs and tens of security issues have been fixed in the meantime. Many (most!) of them affect this version. Web Application Firewall software and services can only efficiently mitigate the effects of a subset of these security issues. Due to the increased risk of running outdated Joomla! versions we strongly advise you to take regular backups and audit your site’s files both with Admin Tools’ PHP File Scanner and with a third party service such as myJoomla.com.
In case you are wondering all of the security-critical features of Admin Tools are being automatically tested against the Joomla! versions the software can be installed on. We do not leave things to chance. This version was tested against Joomla! 3.0.4, 3.1.6, 3.2.5, 3.3.6 and 3.4.4 using PHP 5.3.29 (all Joomla! versions) and 5.5.26 (Joomla! 3.2, 3.3 and 3.4 only), covering over 85% of the live site configurations we have seen in the wild.
Note [1]: Coupon code SKYFALL is only valid for new ADMINTOOLS subscriptions and cannot be combined with any other coupon code, discount or promotion including automatic renewal discounts. It cannot be used for any other subscription package. The coupon code can be used once per user. The coupon code expires on December 31st, 2015 and cannot be used past that date. The link provided applies the coupon code automatically.