Released on: Sunday, 17 April 2011 09:02
On Friday, April 15th, 2011 the acclaimed security analyst Jeff Channel contacted us regarding a potential security issue in the Akeeba Backup component. An attacker exploiting this attack vector could potentially launch a Denial of Service attack on your site or gain information about your site's folder structure. This release fixes this issue.
After careful analysis of the details of the reported vulnerability, we concluded that all versions of Akeeba Backup and JoomlaPack were affected by this issue. Please note that, as of today, JoomlaPack downloads, which were available for historical reasons, will no longer be available from our JoomlaCode.org project page. Moreover, all affected versions will, likewise, be unavailable for download.
IMPORTANT CLARIFICATION: The nature of the vulnerability DOES NOT allow an attacker to "hack" your site. What he can do is (a) fill up its hard drive and crash it, or (b) collect information which he can use with another vulnerable extension to infiltrate your site. If your site got hacked, Akeeba Backup COULD NOT have been used as an attack vector.