Akeeba 4.5.0

Major release of the component, and a security release. Update promptly.
A major version often brings notable changes. In this version, for example, the changes mainly concern remote backups (front-end backup, JSON API), which will be disabled if you do not change the security password. Let's look at the details together...

What's new in Akeeba 4.5.0?

A change to the remote backup secret password

The Akeeba component has always been able to run automatic backup tasks. To use them you must create a security password, in addition to enabling certain options in the back-end. Until now we set this password ourselves and could choose whatever we wanted. However, few users choose truly secure passwords, for example 12 characters with upper case, lower case, special characters and digits. This new version requires you to set a password provided by the component itself. As a result, the hackers' job becomes considerably harder.
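As an added illustration (not Akeeba's code, and not its actual detection rule, which this page does not describe), the Python example below checks a secret against the criteria quoted above and draws a replacement from the operating system's CSPRNG. The function names, the 32-character default and the restriction of special characters to URL-safe punctuation are assumptions made for the example.

```python
import math
import secrets
import string

# Criteria from the article's own example of a strong password:
# at least 12 characters mixing upper case, lower case, digits and specials.
MIN_LENGTH = 12
# Assumption: specials limited to RFC 3986 "unreserved" punctuation, so the
# secret needs no escaping if a scheduled job passes it in a URL.
SPECIALS = "-._~"
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def weaknesses(secret: str) -> list:
    """Return the reasons a secret fails the criteria (empty list = passes)."""
    problems = []
    if len(secret) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in secret):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in secret):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in secret):
        problems.append("no digit")
    if all(c.isalnum() for c in secret):
        problems.append("no special character")
    return problems


def generate_secret(length: int = 32) -> str:
    """Draw a secret from the OS CSPRNG, retrying until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on the entropy of a uniformly random secret of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample secrets, not values taken from any real site.
    for sample in ("backup", "MySiteBackup!", "Password1234!", generate_secret()):
        print(f"{sample!r}: {weaknesses(sample) or 'passes'}")
    print(f"32 random characters: about {entropy_bits(32):.0f} bits")
```

The constructed value `Password1234!` passes every composition rule while remaining predictable, which is why a secret generated for you is a safer default than one you pick to satisfy the rules.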

Other small things in this version

We are not translating all of them from the English, but if you really want a translation, feel free to use tools such as reverso.net

Integrated updater to be optionally used instead of Joomla!'s own extensions updater. Please note that under Joomla! 1.6, 1.7, 2.5, 3.0 and 3.1 you do not have a choice: you will use the integrated updater instead of Joomla!'s. If you try using Joomla!'s extensions updater under these old versions of Joomla! to update Akeeba Backup Professional you will get an error.

Extended Joomla! and PHP support. We now support Joomla! 1.6, 1.7, 2.5, 3.0, 3.1, 3.2, 3.3, 3.4 and 3.5 running on PHP 5.3.03 or later including PHP 5.4, 5.5, 5.6 and 7.0. Please note that not all versions of Joomla! run on all versions of PHP. Furthermore, we do NOT support PHP 5.2 even though older versions of Joomla! may run on it. If unsure please check our Compatibility page.

Text log in ALICE, the log analyzer. You can paste that text when you are requesting support to help us help you more efficiently.

Automatically run ALICE if an error occurs (only applies to backups taken from the interactive web interface).

Support for Amazon S3's Standard - Infrequent Access storage type (Professional versions only)

More stable Site Transfer Wizard thanks to improved transfer chunk size calculations

Security update #1 (low importance issue). Someone who already knows your Secret Word can store XSS in the database if the remote backup is enabled and you're not using the security enhanced .htaccess file (discovered by NCC Group). Low importance because this security issue requires the attacker to already know your Secret Word. However, if they have it they can already take and download backups of your site, exposing you to much higher and immediate risk. Therefore we consider it a low importance issue: it requires your site to essentially be already compromised.

Security update #2 (low importance issue). Open redirection in back-end backups (discovered by Calum Hutton, NCC Group). This only works if you are able to run an automatic backup while already logged in to your site's back-end as a Super User. Furthermore, this requires that the attacker knows the session token. As a result, the only way to exploit this is by using a malicious Joomla! extension running on your site while you are logged in as a Super User. In this case the malicious extension has already fully compromised your site BEFORE it can exploit this security issue. Therefore we consider it a low importance issue: it requires your site to be already fully compromised.

Change log for this version

Bug fixes

  • [HIGH] ANGIE for Drupal: Fixed endless loop while trying to read the configuration

  • [LOW] ANGIE for Wordpress: Fixed missing email address in site setup

  • [LOW] ANGIE for Wordpress: Fixed missing version number

  • [LOW] Low encoding of media folder permissions check could show an erroneous message on some sites (thanks Angel!)

  • [LOW] Notice thrown by the auto-update CLI script

  • [LOW] Open redirection in back-end backups (discovered by Calum Hutton, NCC Group)

  • [LOW] Site Transfer Wizard, bad performance of the test FTP/SFTP servers could lead to an instant error when accessing this feature

  • [LOW] Someone who already knows your Secret Word can store XSS in the database if the remote backup is enabled and you're not using Joomla!'s or Admin Tools' .htaccess file (discovered by Calum Hutton, NCC Group)

New features

  • Added textual output to ALICE so it could be included in support tickets

  • Automatically run ALICE if an error occurs during the last domain of a backup

  • Integrated updater (optional for Joomla! 3.2+, mandatory for Joomla! 1.x/2.x/3.0/3.1)

  • Support for Amazon S3's Standard - Infrequent Access storage type

Miscellaneous changes

  • More stable Site Transfer Wizard thanks to improved transfer chunk size calculations
  • Now compatible with Joomla! 1.7, 2.5, 3.0, 3.1, 3.2, 3.3, 3.4 and 3.5 running on PHP 5.3.03+, 5.4, 5.5 and 5.6.

Critical bugs and important changes

  • Front-end and remote backup features will be DISABLED if we detect an insecure Secret Word
