Akeeba Admin Tools PRO 7.7.2

New features​

• Support for top-level files folder introduced in Joomla! 5.3.0

Bug fixes​

• [LOW] Error, or inconsistent output when deleting the last item of the last page of a list
• [LOW] Features using SuperUsersTrait generate a deprecated notice
• [LOW] Multiple email addresses required comma and space as a separator instead of just a comma
• [MEDIUM] HSTS HTTP header not set on hosts relying on X-Forwarded-Proto to detect HTTPS
• [MEDIUM] Monitor Super User accounts ignores its configured email address
• [MEDIUM] Redirect non-www to www didn't work correctly on hosts relying on X-Forwarded-Proto to detect HTTPS

New features​

• Specific email recipients for configuration, files, and super users monitoring [gh-322]

Bug fixes​

• [HIGH] CLI WAF set command cannot set 0 value to boolean options
• [HIGH] Using “Show errors using a customisable HTML template” with the “System - Page Cache” plugin enabled could lead to the home page showing the block error message
• [LOW] Fixed PHP warnings while using the Htaccess Maker and frontend/backend protection is not enabled
• [LOW] Hiding the message about blocked requests email wouldn't work with cahcing enabled
• [LOW] Missing translation keys for CLI server config set commands
• [LOW] Redirection loop on HTTPS under some proxied configurations

Miscellaneous changes​

• Allowed Domains now returns the more appropriate HTTP status 421
• Replace defunct ip-lookup.net with whatismyipaddress.com

New features​

• Notify about an increase in blocked requests [gh-319]
• Notify when the Email on Blocked Request is enabled [gh-321]
• `admintools:temp:clear` CLI command to clean the temporary directory

Bug fixes​

• [LOW] PHP Warning when a blocked request does not have a User-Agent string
• [LOW] Typo in MailTemplateHotFix
• [LOW] Unblock My IP erroneously appears in the Core version's Control Panel page

Miscellaneous changes​

• Better IP filtering, now supports IPv4-in-IPv6
• Make accurate PHP CLI path detection optional
• Simplify and improve the Clean Temp-Directory feature

New features​

• Accurate PHP CLI path in the PHP File Change Scanner Scheduling page
• Added support for multiple email addresses inside WAF configuration
• Automatically delete Temporary Super Users no longer linked to Joomla users
• Backend management tables multiple row select and column hiding support
• Password hashing algorithm selection for password-protect admin folder
• Workaround for Joomla! 5.2 broken mail template layout

Bug fixes​

• [LOW] Do not produce a fatal error if we get an error while saving IP address on new user registration
• [LOW] In some specific circumstances, WAF exceptions were not correctly applied

Miscellaneous changes​

• Updated list of forbidden usernames
• Updated list of user agents to block

v7.6.1​

• Fixed [HIGH] Possible PHP error whilst logging a blocked request

v7.6.0​

• Added Reset Joomla! Update feature from the backend, the CLI, or a Scheduled Task
• Changed PHP File Change Scanner will now strip comments before evaluating the Threat Score
• Changed Support for Joomla! 5.1's createQuery method in the db object
• Changed Workaround for PRE element styling in Joomla! 5.1
• Changed Workaround for Joomla! 5.1 CSS in alert DIVs
• Changed Possible Threat files do not count towards modified files
• Changed Rewritten WAF request block to better handle concurrent attacks
• Changed PHP 8.4 compatibility: MD5 and SHA-1 functions are deprecated

New features​

• Components sidebar menu item to open the appropriate server config maker for your site
• Improved support for Joomla! 5.1's backend colour schemes
• You can now choose the action for an invalid administrator secret URL parameter

Miscellaneous changes​

• Re-arrange order of execution to process IP blocks before request blocking features
• Remove Itemid from Suspicious Core Parameters, it has its own feature (ItemidShield)

What's new?​

Allow empty Itemid even when Suspicious Core Parameters feature is enabled. Joomla no longer recommends using an empty menu item ID in the URL, i.e. Itemid=. Despite that, it will still parse it as though you are using the home menu item ID. In previous versions of Admin Tools, the Suspicious Core Parameters feature would block requests with an empty Itemid, but a lot of third party software still does that since it does not otherwise cause an obvious problem in Joomla!. In the interest of making everyone's life easier, Admin Tools will now allow explicitly allow Itemid= and Itemid=0 in requests, even though it's discouraged by Joomla! itself.
Bug fixes and minor improvements. Please take a look at the CHANGELOG below.

Changelog​

Bug fixes​

• [MEDIUM] Joomla does not return the plugin ID when it's disabled, leading to broken links in the UI
• [MEDIUM] Server configuration maker: Fixed fatal error when web servers different than Apache are used

Miscellaneous changes​

• Allow empty Itemid even when Suspicious Core Parameters feature is enabled

v7.5.2

• Important Joomla-recommended .htaccess code was breaking the site

v7.5.1

• Important Detecting PHP handlers can break if there is no .htaccess file yet
• Important Error in version.php breaks the control panel interface

v7.5.0

• Added Improved support for Joomla! 5.1 dark mode
• Added Detect and import PHP version directives into the .htaccess Maker
• Changed Reintroduce old value format workarounds for people being late to upgrading from Joomla! 3.x
• Fixed [LOW] Admin Tools Core showed an (unsupported) URL Redirection menu item
• Fixed [LOW] Some numeric Configure WAF options did not have their limits enforced
• Fixed [LOW] Double Gzip/Brotli compression for some core Joomla! files when both compression algorithms are supported

- Added Optional description field on “Never block these IPs” and “Never blocked domains”
- Fixed [MEDIUM] Suspicious Core Parameter always applied the cmd filter, leading to false positives

• Added more options to the not log and not email for the reasons options