Changelog
Critical bugs and important changes
- No access control applied in Include and Exclude Information features
Bug fixes
- [HIGH] Class not found errors when trying to access some pages in Akeeba Backup
Security release (low priority, medium impact issue). Versions 9.4.0 and 9.4.1 had a bug where no access control applied in Include and Exclude Information features. However, this does not mean that your site was in danger at any point. These features are only accessible to users who have the Access Administration Interface (core.manage) permission for Akeeba Backup. On a default installation this is Super Users and Administrators only, the only user groups who have the Configure (akeebabackup.configure) permission also allowed for them. The security issue we are solving is if you had given Access Administration Interface for Akeeba backup to a specific user group but
not the Configure permission its users could access Akeeba Backup and manipulate the URL to see and change the profiles configuration and the configuration of excluded databases, files and folders and included off-site folders and additional databases. These are users who are already given backend access to your site,
not any random, unauthenticated visitor. This could still be problematic from a security point of view, therefore we recommend that you update to this new version immediately.
Requires Joomla 4.2 or later, PHP 7.4.0 or later. To best prepare for the upcoming versions of Joomla and PHP we had to make some changes to our software. These changes mean that we can no longer support Joomla 4.1 or earlier, or PHP 7.3 or earlier. These versions of Joomla and PHP are already End of Life (EOL) and are used by less than 2% of our clients.
No more messages about your PHP version. We will no longer show you messages about your PHP version having entered security maintenance mode (no bug fixes planned, one year or less before becoming End of Life) or about running End of Life versions of PHP. Joomla already does that in its main Control Panel page.
