Download Our Latest Software

Admin Tools 3.6.4 Stable

Released on: 2015-10-19 03:52 CDT

Security advisory for Joomla! 3

The Joomla! project announced the imminent availability of a new version which fixes a very high priority security issue. This issue has been discovered by different independent security researchers and affects certain Joomla! 3 versions. However, the patch to address this issue will only be available for Joomla! 3.4.

This version of Admin Tools contains all the necessary mitigation measures against this security issue. If unsure, run our Quick Setup Wizard and accept the default values to enable all the Web Application Firewall features necessary.

Joomla! 3 only

Despite our policy of only allowing installation on the latest Joomla! release, this version will exceptionally run on Joomla! 3.0, 3.1, 3.2, 3.3 and 3.4 to mitigate the aforementioned Joomla! security issue.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.


Bug fixes

  • [HIGH] Possible false negatives for certain query parameters when applying WAF protections
  • [LOW] Fixed WAF exceptions when we have no option parameter
  • [LOW] Fixed double slash in www to non-www redirect with no rewrite base parameter

New features

  • Support array query parameters in the WAF blacklist feature
  • Support negated RegEx in the WAF blacklist feature (for both the query parameter and the query value)

Miscellaneous changes

  • Improved SQLiShield feature
  • This version is compatible with Joomla! 3.0 to 3.4, inclusive

Release files

Admin Tools Core

1.23 Mb

PHP 5.3 PHP 5.4 PHP 5.5 PHP 5.6 Joomla! 3.0 Joomla! 3.1 Joomla! 3.2 Joomla! 3.3 Joomla! 3.4

Download now