Released on: Monday, 13 May 2019 08:23
Security release. A guest (not logged in) user could see a list of the names of all Two Step Verification methods for all users of the site but NOT their settings. The list only shows the method type, the method name the user has entered and a link to select that method which contains the numeric user ID (but not the username, email, full name or any other personally identifiable information).
This is a low priority security issue because it only divulges the names of 2SV methods. It DOES NOT compromise the security of 2SV since guest users CANNOT see or change the 2SV method settings. They can, however, select a method which might trigger sending an email (Email method), push message (PushBullet method) or text message (SMS / Text method). This could range from annoying (receiving lots of emails and push messages) to having a financial impact (sending too many text messages).
Joomla User Actions Log integration. We have created an
actionlog plugin to let you log user interactions with LoginGuard to the Joomla! User Actions Log component.
Akeeba LoginGuard is compatible with Joomla! 3.8 and 3.9.
Akeeba LoginGuard requires at least PHP 7.1. It's also compatible with PHP 7.2 and 7.3.
We strongly recommend using the latest published Joomla! version and PHP 7.2 or later for optimal security of your site.
IMPORTANT! Starting March 2019 we dropped support for all versions of PHP which are officially considered End Of Life (EOL) by the PHP project. EOL versions of PHP no longer receive security updates and MUST NOT be used on production sites.