Akeeba Backup 3.2.7 (SECURITY RELEASE) just released.
We are announcing the immediate availability of Akeeba Backup 3.2.7, the latest version of our acclaimed backup component for Joomla! 1.5 and 1.6 web sites.
IMPORTANT! THIS IS A SECURITY RELEASE; ALL USERS ARE REQUESTED TO UPDATE
On Friday, April 15th, 2011 the acclaimed security analyst Jeff Channel contacted us regarding a potential security issue in the Akeeba Backup component. An attacker exploiting this attack vector could potentially launch a Denial of Service attack on your site or gain information about your site's folder structure. This release fixes this issue.
After careful analysis of the details of the reported vulnerability, we concluded that all versions of Akeeba Backup and JoomlaPack were affected by this issue. Please note that, as of today, JoomlaPack downloads –which where available for historical reasons– will no longer be available from our JoomlaCode.org project page. Moreover, all affected versions will, likewise, be unavailable for download. [div class="alert" class2="typo-icon"]IMPORTANT CLARIFICATION: The nature of the vulnerability DOES NOT allow an attacker to infiltrate ("hack") your site. What he can do is a. fill up its hard drive and crash it or b. collect information which he can use with another vulnerable extension to infiltrate your site. If your site got hacked, Akeeba Backup COULD NOT have been used as an attack vector.[/div]
As always, Akeeba Backup Core is free for download from our Downloads section. Documentation is provided in both PDF format and as an on-line book. We strongly suggest all of our users to read the Quick Start Guide or watch the Video Tutorials before using the component.
If you are a Professional subscriber, do note that Live Update may not be able to download the update file. In this case, please download the update package from https://www.AkeebaBackup.com/latest and install it on top of your existing Akeeba Backup installation.
Nicholas K. Dionysopoulos
Lead Developer, AkeebaBackup.com