افزونه امنیتی جوملا آر اس فایروال RSFirewall

Version 3.0.6

• Added – Can download and import Blocklist/Safelist entries.
• Added – Can download and import Exceptions entries.
• Updated – Can filter by Country Code in the System Logs area.
• Updated – Session Handler check has been removed from the System Check.
• Updated – ‘autocomplete=off’ on the Captcha and Backend Password inputs.
• Updated – A few common files have been added to the ‘Ignored Hidden Files’ by default.
• Updated – SQL injection protection adjustments.
• Updated – Various Javascript code improvements.
• Fixed – Some checkboxes were not showing up correctly.
• Fixed – PHP 8 could show a warning message when downloading the GeoIP database.
• Fixed – ‘Search Tools’ was not staying open when filtering.

Version 3.0.5

• Fixed – In some cases protected users where not reverted to their original user groups.

Version 3.0.4

• Updated – Replaced Google Visualization JS library with Chart.js.
• Updated – ‘Referer’ has been replaced with ‘Description’ in the System Overview’s last 5 messages table.
• Updated – Removed Bootstrap 4 CDN from the ‘Backend Password’ and ‘Forbidden’ pages in favor of inline styling.
• Updated – When emptying the log a confirmation is now required.

Version 3.0.3

• Updated – PHP 8 compatibility.
• Updated – Bumped minimum requirements to use PHP 5.4
• Fixed – ‘Pause between retries’ was not working correctly.

Version 3.0.2

• Updated – Replaced references to lists as ‘Blocklist’ and ‘Safelist’.
• Updated – The System Check can now be run with Xdebug enabled by adjusting the xdebug.max_nesting_level directive.
• Fixed – Removed some ‘Ignored Hidden Files’ because some hosting providers block requests containing those names; these have been instead hardcoded in the System Check process.

Version 3.0.1

• Added – Can specify the CAPTCHA Font Size.
• Updated – SQL injection will now trigger when attacks are attempted targeting the ‘information_schema’ table.
• Fixed – Disabling the RSFirewall! System Plugin would throw an error in the Control Ppanel Module.
• Fixed – A warning that you are editing a protected user would incorrectly show up on all admins.

Version 3.0.0

• Added – Joomla! 4.0 compatibility
• Added – Option to configure the public blacklists for the ‘Protect forms from abusive IPs’ check.
• Added – ‘Optional Core Folders’ can be configured in the ‘Firewall Configuration’ – ‘System Check’ tab.
• Added – ‘Ignored Hidden Files’ can be configured in the ‘Firewall Configuration’ – ‘System Check’ tab.
• Updated – Bumped minimum requirements to use Joomla! 3.7.0
• Updated – Code improvements and deprecated functions removed.
• Updated – Google Charts API updated.
• Updated – A warning message is now shown when trying to edit a protected user.
• Updated – The ‘Additional Backend Password’ login and the ‘Blocked’ error screens now use Bootstrap 4.0
• Updated – Permissions have been moved from the ‘Firewall Configuration’ to the ‘Global Configuration’ area.
• Updated – ‘Checking if any admin users have weak passwords’ has been removed since Joomla! now uses strong hashing algorithms that can’t be easily brute forced.
• Updated – ‘Updates’ section has been removed since RSFirewall! can be updated through the Joomla! Update Manager for quite some time.
• Updated – ‘RSS Feeds’ has been removed since RSFirewall! is not a feed reader and there are plenty of dedicated tools for that.
• Updated – Filtering results is now updated to use Joomla!’s ‘Search Tools’ for a more consistent UX.
• Updated – Reworked some parts of the interface to be consistent across both Joomla! versions.
• Updated – Removed some old CSS and icons.
• Updated – Removed support for Microsoft Azure SQL databases.
• Updated – CAPTCHA now appears at all times (unless IP is whitelisted) if ‘Enable CAPTCHA’ is set to ‘Yes’.
• Fixed – ‘Last run’ message was incorrectly showing up after starting the System Check.
• Fixed – ‘Whois’ URL was showing up even when not configured.
• Fixed – In the ‘Country Blocking’ configuration, the checkboxes from ‘Continents’ were not consistent with the ‘Check All’ selections.
• Fixed – In some cases where translations were missing and the ‘System – Language Filter’ Plugin was enabled, email alerts were showing as language keys instead of their English fallbacks.
• Fixed – In some cases uploaded files were not properly scanned for malware.

Version 2.12.5

• Fixed – The * wildcard can now be used in IPv6 lists.

Version 2.12.4

• Updated – License key support for downloading the GeoIP Database from MaxMind.

Version 2.12.3

• Fixed – When the System Plugin was disabled a Fatal Error would occur when trying to empty the log.

Version 2.12.2

• Updated – SQLI protections improved.
• Fixed – In some cases false positives were triggered for the RFI protections.

Version 2.12.1

• Updated – Choose which Google APIs to use during the System Check.

Version 2.12.0

• Added – Google Web Risk API added as an alternative to the Google Safe Browsing API.
• Added – Backend Password can now be used as a parameter.

Version 2.11.27

• Fixed – After disabling the RSFirewall! System Plugin the component was no longer accessible.

Version 2.11.26

• Added – Password strength check can now be toggled off from Firewall Configuration – Active Scanner.
• Updated – Password strength now takes into account the parameters set in Users – Options – Password Options.
• Updated – Adjusted some checks to not trigger false positives on some files.
• Updated – System Check now checks if the Backend Password has been enabled.
• Updated – Removed old Joomla! 2.5 code.
• Fixed – Additional Backend Password attempts will now lead to an autoban.

Version 2.11.25

• Fixed – ‘Convert email addresses from plain text to images’ now only replaces emails from the HTML body.

Version 2.11.24

• Fixed – In some cases the GeoLite2 Country Database could not be uploaded.
• Fixed – Some bug fixes to the GeoLite2 library.

Version 2.11.23

• Fixed – The “System Check” was throwing a false positive for a file from the GeoLite2 library.

Version 2.11.22

• Updated – Country blocking is now using the GeoLite2 database.

Version 2.11.21

• Updated – IP address is now included in the subject of the email alerts.
• Fixed – Table Views are no longer checked in the Database Check because they will halt the check.
• Fixed – In some cases disable_functions was not returning the correct count.

Version 2.11.20

• Updated – Email addresses converted to images now have a transparent background.
• Updated – Email image text color can now be set in Firewall Configuration – Active Scanner.

Version 2.11.19

• Fixed – A Deprecated Warning would appear on PHP 7.2 due to an outdated library.
• Fixed – Some files would show up as modified even if you clicked on ‘Accept Changes’.

Version 2.11.18

• Fixed – In some rare cases, a MySQL warning would show up in the logs if BINLOG_FORMAT was set to STATEMENT.
• Fixed – SimplePie User Agent was incorrectly triggering the Dangerous User Agent protection.

Version 2.11.17

• Fixed – An error would occur in the Blacklist/Whitelist area when adding a range or a CIDR IP in the lists.

Version 2.11.16

• Added – Can specify new System Check options: Max retries, Pause between retries, toggle MD5 Signatures DB off.
• Fixed – In some cases the Control Panel Module would timeout due to request parallelization.

Version 2.11.15

• Fixed – In some cases country flags were not showing up correctly next to IPs.
• Fixed – IPv6 lookups could lead to malformed URLs due to an incorrect encoding.

Version 2.11.14

• Fixed – Changing a protected user could generate a Fatal Error if information was stored incorrectly in the database.

Version 2.11.13

• Fixed – In some cases, emails that were converted to images were disrupting the HTML markup.

Version 2.11.12

• Added – Joomla! 3.8.5 hashes.
• Fixed – Update Code was incorrectly reset when uploading a new configuration.

Version 2.11.11

• Added – Joomla! 3.8.3 hashes.
• Fixed – In some cases the File Manager could not list folders and files.
• Fixed – Some filenames with UTF-8 characters were incorrectly seen as threats.

Version 2.11.9

• Added – Joomla! 3.8.0 hashes.
• Updated – Malware database updated with ~10.000 hashes.
• Fixed – Uninstalling did not remove the Installer Plugin.
• Fixed – signatures.data.sql files are now deleted because they were causing some hosting provider virus scanners to go off.

Version 2.11.7

• Updated – Can now remove Mozilla from ‘Deny access to the following User Agents’ section.
• Updated – System Check will now display the file modification time for core modified files and malware.
• Updated – Lockdown options have been moved to a separate tab for better visibility in the Configuration area.
• Updated – System Check now identifies dot files as suspicious (except .htaccess, .htpasswd, .htusers, .htgroups)
• Fixed – Google API key errors no longer intrerrupt the System Check.

Version 2.11.5

• Fixed – Scanning for malware AJAX response could be scrambled by an incorrect encoding of a malware pattern.

Version 2.11.3

• Fixed – Checking for the GeoIP v6 file was not working correctly.

Version 2.11.1

• Updated – IPv6 GeoIP database support.
• Updated – Improved Country Blocking interface initial setup.
• Updated – Google Safe Browsing API updated to v4.
• Updated – Malware database updated.
• Fixed – Permissions were not being saved correctly due to Joomla! changes since 3.6.0.
• Fixed – Denied referers were not recorded in the System Logs even with ‘Log all blocked attempts’ set to ‘Yes’.

Version 2.10.2

• Updated – A log entry will be created when a change is attempted on a protected user.
• Updated – A log entry will be created when the creation of a new administrator is blocked.
• Updated – Malware database updated.
• Fixed – Old log entries were not deleted according to the settings.

Version 2.10.0

• Added – Built-in exceptions for com_plugins, com_templates, com_modules
• Updated – Show number of files (hashes) modified or missing from your Joomla! installation.
• Updated – Can overwrite modified files or add missing files straight from the Joomla! repository.
• Updated – Malware database updated.
• Fixed – If no signatures are present an error messages is shown during the System Check scan.
• Fixed – ‘Error! is not a valid folder’ message rewritten to make more sense.
• Fixed – Creating php.ini: open_basedir value could have contained empty paths in some cases.
• Fixed – Creating php.ini: open_basedir did not return the correct session.save_path.
• Fixed – Checking temporary files might not have listed files in some cases.

Version 2.9.6

• Updated – Notification emails now contain the ‘Debug information’ as well.
• Updated – System Check now ignores folders it cannot access rather than stopping.
• Fixed – System Check could not be completed when encountering a symbolic link pointing back to the Joomla! root.