Skip to content

@nikosdion nikosdion released this Apr 23, 2020 · 60 commits to development since this release

Release highlights

Browser fingerprinting to reduce 2SV prompts. On popular request, we added an optional feature to disable 2SV prompts for a period of time as long as the user is logging in from a device and browser previously marked as secure.

Fixed dark mode. It was always enabled, regardless what your preference was. Also, the backend dark mode didn't work correctly.

Backend access broke for some users. If your user did not have the core.manage privilege for LoginGuard you were unable to log in.

Joomla and PHP Compatibility

Akeeba LoginGuard is compatible with Joomla! 3.8 and 3.9.

Akeeba LoginGuard requires at least PHP 7.1. It's also compatible with PHP 7.2, 7.3 and 7.4.

We strongly recommend using the latest published Joomla! version and PHP 7.3 or later for optimal security of your site.

IMPORTANT! We are dropping support for all versions of PHP which are officially considered End Of Life (EOL) by the PHP project a few months after they go EOL. These versions of PHP no longer receive bug fixes or security updates and MUST NOT be used on production sites.

Changelog

New

  • Browser fingerprinting to reduce 2SV prompts

Bug fixes

  • Dark Mode “Auto” setting ended up being the same as “Always”
  • U2F and WebAuthn do not show a verification button if your browser / hardware cancels the verification [gh-80]
  • Missing file css/dark.min.css from the media folder
  • Cannot access backend if you have TFA enabled and you're not a Super User (or have the core.manage privilege for LoginGuard)
Assets 3

@nikosdion nikosdion released this Jan 3, 2020 · 72 commits to development since this release

Release highlights

Removed unused GeoIP feature. We have not been collecting IP addresses for well over a year. There is no point having the GeoIP plugin integration in LoginGuard anymore.

Support for Dark Mode. A new dark theme has been added. You can choose if you want to always enable it, have it follow the browser's preferences or disable it.

Common PHP version warning scripts. We have normalized the wording of warnings about old, End of Life and dangerously old PHP versions. You will get a reminder to update PHP if it has entered its final year of support, a warning to update PHP if it has recently become End of Life, a much more urgent warning if it's been End of Life for over 6 months and an error if it's no longer supported by our software.

Joomla and PHP Compatibility

Akeeba LoginGuard is compatible with Joomla! 3.8 and 3.9.

Akeeba LoginGuard requires at least PHP 7.1. It's also compatible with PHP 7.2, 7.3 and 7.4.

We strongly recommend using the latest published Joomla! version and PHP 7.3 or later for optimal security of your site.

IMPORTANT! We are dropping support for all versions of PHP which are officially considered End Of Life (EOL) by the PHP project a few months after they go EOL. These versions of PHP no longer receive bug fixes or security updates and MUST NOT be used on production sites.

Changelog

New

  • Support for Dark Mode
  • Common PHP version warning scripts

Removed features

  • We do not need the GeoIP plugin integration since 3.0.0; related functionality has been removed

Bug fixes

  • You could see an inactive (therefore confusing) 2SV method registration page while not logged in.
  • Joomla's forced password reset makes LoginGuard go into an infinite redirection loop (gh-76)
Assets 3

@nikosdion nikosdion released this May 13, 2019 · 102 commits to development since this release

Release highlights

Security release. A guest (not logged in) user could see a list of the names of all Two Step Verification methods for all users of the site but NOT their settings. The list only shows the method type, the method name the user has entered and a link to select that method which contains the numeric user ID (but not the username, email, full name or any other personally identifiable information).

This is a low priority security issue because it only divulges the names of 2SV methods. It DOES NOT compromise the security of 2SV since guest users CANNOT see or change the 2SV method settings. They can, however, select a method which might trigger sending an email (Email method), push message (PushBullet method) or text message (SMS / Text method). This could range from annoying (receiving lots of emails and push messages) to having a financial impact (sending too many text messages).

Joomla User Actions Log integration. We have created an actionlog plugin to let you log user interactions with LoginGuard to the Joomla! User Actions Log component.

Joomla and PHP Compatibility

Akeeba LoginGuard is compatible with Joomla! 3.8 and 3.9.

Akeeba LoginGuard requires at least PHP 7.1. It's also compatible with PHP 7.2 and 7.3.

We strongly recommend using the latest published Joomla! version and PHP 7.2 or later for optimal security of your site.

IMPORTANT! Starting March 2019 we dropped support for all versions of PHP which are officially considered End Of Life (EOL) by the PHP project. EOL versions of PHP no longer receive security updates and MUST NOT be used on production sites.

Changelog

New

  • Joomla User Actions Log integration

Bug fixes

  • Security: Guest users can view a list of Two Step Verification method name for all users (but NOT their settings; 2SV security was NOT compromised).
Assets 3

@nikosdion nikosdion released this Apr 22, 2019 · 106 commits to development since this release

Release highlights

Option to disable Two Step Verification on silent login. For example, when Remember Me is used or when you log in with a social network profile or passwordless authentication.

W3C Web Authentication (WebAuthn) support. You can now use WebAuthn for multi-factor authentication. This standard supersedes U2F security keys and can be used instead of them. Please note that due to lack of browser and third party library support this only supports security keys, not TPM-stored tokens.

Joomla and PHP Compatibility

Akeeba LoginGuard is compatible with Joomla! 3.8 and 3.9.

Akeeba LoginGuard requires at least PHP 7.1. It's also compatible with PHP 7.2 and 7.3.

We strongly recommend using the latest published Joomla! version and PHP 7.2 or later for optimal security of your site.

IMPORTANT! Starting March 2019 we dropped support for all versions of PHP which are officially considered End Of Life (EOL) by the PHP project. EOL versions of PHP no longer receive security updates and MUST NOT be used on production sites.

Changelog

Bug fixes

  • User Profile fields not displayed correctly when using an Edit Profile menu item
Assets 3

@nikosdion nikosdion released this Apr 3, 2019 · 110 commits to development since this release

Release highlights

Option to disable Two Step Verification on silent login. For example, when Remember Me is used or when you log in with a social network profile or passwordless authentication.

W3C Web Authentication (WebAuthn) support. You can now use WebAuthn for multi-factor authentication. This standard supersedes U2F security keys and can be used instead of them. Please note that due to lack of browser and third party library support this only supports security keys, not TPM-stored tokens.

Joomla and PHP Compatibility

Akeeba LoginGuard is compatible with Joomla! 3.8 and 3.9.

Akeeba LoginGuard requires at least PHP 7.1. It's also compatible with PHP 7.2 and 7.3.

We strongly recommend using the latest published Joomla! version and PHP 7.2 or later for optimal security of your site.

IMPORTANT! Starting March 2019 we will drop support for all versions of PHP which are officially considered End Of Life (EOL) by the PHP project. EOL versions of PHP no longer receive security updates and MUST NOT be used on production sites.

Changelog

Assets 3
You can’t perform that action at this time.