RSFirewall! Changelog

04 Jun 2026
Version 3.3.5
  • Added - Protection against JCE < 2.9.99.5 vulnerability.
15 Apr 2026
Version 3.3.4
  • Fixed - Joomla! 6.1 would throw an error when the Backend Password was shown or protections were triggered.
01 Apr 2026
Version 3.3.3
  • Added - Protection against Novarain Framework <= 6.0.37 vulnerability.
24 Mar 2026
Version 3.3.2
  • Added - Support for the Google Safe Browsing V5 API.
  • Fixed - Google Safe Browsing and Web Risk checking would throw an error when the response was cached.
09 Mar 2026
Version 3.3.1
  • Added - Protection against Astroid < 3.3.11 vulnerability.
26 Nov 2025
Version 3.3.0
  • Updated - Bumped minimum requirements to use PHP 7.1
  • Fixed- Various PHP 8.4 compatibility improvements.
15 Oct 2025
Version 3.2.0
  • Updated - Various Joomla! 6 compatibility improvements.
29 Sep 2025
Version 3.1.8
  • Updated - Can now set own DNS server for querying PBL in Firewall Configuration - Active Scanner.
  • Updated - Various Joomla! 6 compatibility improvements.
  • Fixed - Spamhaus PBL did not allow querying using default Cloudflare DNS, now attempting to use Open DNS as primary DNS.
26 Jun 2025
Version 3.1.7
  • Fixed - When using Atum in Dark Mode the computed grade was not readable.
26 Jun 2025
Version 3.1.7
  • Fixed - When using Atum in Dark Mode the computed grade was not readable.
04 Jun 2025
Version 3.1.6
  • Fixed - System Check 'View file contents' would incorrectly allow reading files outside your Joomla! root.
03 Feb 2025
Version 3.1.5
  • Added - Button to clear the Backend Password.
  • Added - Protection against Sourcerer < 11.0.0 vulnerability.
  • Updated - Backend Password instructions when using 'Use as parameter'.
03 Jan 2025
Version 3.1.4
  • Updated - PHP EOL dates have been updated.
  • Updated - CSP improvements - inline Javascript has been removed.
  • Fixed - Error messages were not being shown when 'Block' was clicked.
  • Fixed - In some cases 'Google Web Risk' would show up error messages multiple times.
  • Fixed - Removed open_basedir recommendations from PHP Check.
03 Sep 2024
Version 3.1.3
  • Updated - Improved CIDR matches for IPv6.
  • Updated - Firewall Configuration tab position is now remembered.
  • Fixed - PHP 8.3 improvements.
  • Fixed - Removed unused assets (CSS and images).
18 Apr 2024
Version 3.1.2
  • Fixed - In some cases the generated php.ini contents would overflow the page during the System Check scan.
  • Fixed - Joomla! 5.1 Dark Mode fixes.
  • Fixed - In Joomla! 5.1 a class naming collision resulted in Exceptions not being able to be saved showing a message about valid Regex.
  • Fixed - When using Country Blocking, in some cases the IP's country was cached until a new session was started.
15 Jan 2024
Version 3.1.1
  • Fixed - 'Files that have been modified' table was missing a table-responsive class.
  • Fixed - Emptying the temporary folder would throw an 500 error.
09 Jan 2024
Version 3.1.0
  • Added - Joomla! 5 native compatibility - no longer needs the 'Behaviour - Backward Compatibility' plugin.
  • Added - Joomla! 3 elts hashes support.
  • Updated - RSFirewall! Control Panel module options: 'Show Grade', 'Show Version Check', 'Show Map', 'Show System Logs'.
  • Updated - When specifying an exception with 'Use regular exceptions' set to 'Yes', the regular exception is validated before being saved to avoid errors being thrown.
  • Updated - Grade score computing has been reworked to substract more points if malware is found or Joomla! core files have been modified.
  • Updated - 'Convert email addresses from plain text to images' has been removed as today's AI can easily read images.
  • Updated - 'Attempt to fix PHP Configuration' has been removed as this is a job for the server admin.
  • Updated - System Check now checks if the PHP version is end-of-life.
  • Fixed - Accepting changes on modified files would accept changes for all files, regardless of selection.
23 Oct 2023
Version 3.0.14
  • Updated - Dark Mode in Joomla! 5 was unreadable.
  • Updated - Some Joomla! 5 code improvements.
  • Updated - Removed some old CSS code.
13 Sep 2023
Version 3.0.13
  • Updated - Double extension PHP files are now marked as suspicious in the System Check.
07 Jun 2023
Version 3.0.12
  • Added - Can now perform scans through the RSFirewall! CLI Plugin (Joomla! 4 only).
  • Fixed - In some cases the 'Protect the following users from any changes' feature could throw an SQL error.
17 Feb 2023
Version 3.0.11
  • Updated - API requests are now scanned in Joomla! 4 to prevent the < 4.2.8 vulnerability.
  • Updated - Malware database updated.
  • Updated - IP address now takes into account the 'Behind Load Balancer' setting from Global Configuration.
  • Updated - Bumped minimum requirements to use Joomla! 3.9.0+
  • Fixed - Captcha rendering on PHP 8.1+ could throw some deprecated notices.
  • Fixed - Country Blocking on PHP 8.1+ could throw some deprecated notices.
09 Nov 2022
Version 3.0.10
  • Fixed - Some PHP 8.1 compatibility issues have been resolved.
  • Fixed - If the component tables are missing the System Plugin no longer throws an error.
25 May 2022
Version 3.0.9
  • Fixed - Backend Captcha was throwing an error due to changes in Joomla! 4.1.4.
12 May 2022
Version 3.0.8
  • Fixed - Joomla! 4 CLI was throwing an error when the RSFirewall! System Plugin was published.
21 Jan 2022
Version 3.0.7
  • Fixed - No longer requiring the Backend Password in the Configuration area after enabling it.
  • Fixed - 'Backend Password' was inheriting the Password Options from the Users component.
25 Aug 2021
Version 3.0.6
  • Added - Can download and import Blocklist/Safelist entries.
  • Added - Can download and import Exceptions entries.
  • Updated - Can filter by Country Code in the System Logs area.
  • Updated - Session Handler check has been removed from the System Check.
  • Updated - 'autocomplete=off' on the Captcha and Backend Password inputs.
  • Updated - A few common files have been added to the 'Ignored Hidden Files' by default.
  • Updated - SQL injection protection adjustments.
  • Updated - Various Javascript code improvements.
  • Fixed - Some checkboxes were not showing up correctly.
  • Fixed - PHP 8 could show a warning message when downloading the GeoIP database.
  • Fixed - 'Search Tools' was not staying open when filtering.
27 May 2021
Version 3.0.5
  • Fixed - In some cases protected users where not reverted to their original user groups.
15 Apr 2021
Version 3.0.4
  • Updated - Replaced Google Visualization JS library with Chart.js.
  • Updated - 'Referer' has been replaced with 'Description' in the System Overview's last 5 messages table.
  • Updated - Removed Bootstrap 4 CDN from the 'Backend Password' and 'Forbidden' pages in favor of inline styling.
  • Updated - When emptying the log a confirmation is now required.
12 Apr 2021
Version 3.0.3
  • Updated - PHP 8 compatibility.
  • Updated - Bumped minimum requirements to use PHP 5.4
  • Fixed - 'Pause between retries' was not working correctly.
12 Aug 2020
Version 3.0.2
  • Updated - Replaced references to lists as 'Blocklist' and 'Safelist'.
  • Updated - The System Check can now be run with Xdebug enabled by adjusting the xdebug.max_nesting_level directive.
  • Fixed - Removed some 'Ignored Hidden Files' because some hosting providers block requests containing those names; these have been instead hardcoded in the System Check process.
03 Jul 2020
Version 3.0.1
  • Added - Can specify the CAPTCHA Font Size.
  • Updated - SQL injection will now trigger when attacks are attempted targeting the 'information_schema' table.
  • Fixed - Disabling the RSFirewall! System Plugin would throw an error in the Control Ppanel Module.
  • Fixed - A warning that you are editing a protected user would incorrectly show up on all admins.
29 Jun 2020
Version 3.0.0
  • Added - Joomla! 4.0 compatibility
  • Added - Option to configure the public blacklists for the 'Protect forms from abusive IPs' check.
  • Added - 'Optional Core Folders' can be configured in the 'Firewall Configuration' - 'System Check' tab.
  • Added - 'Ignored Hidden Files' can be configured in the 'Firewall Configuration' - 'System Check' tab.
  • Updated - Bumped minimum requirements to use Joomla! 3.7.0
  • Updated - Code improvements and deprecated functions removed.
  • Updated - Google Charts API updated.
  • Updated - A warning message is now shown when trying to edit a protected user.
  • Updated - The 'Additional Backend Password' login and the 'Blocked' error screens now use Bootstrap 4.0
  • Updated - Permissions have been moved from the 'Firewall Configuration' to the 'Global Configuration' area.
  • Updated - 'Checking if any admin users have weak passwords' has been removed since Joomla! now uses strong hashing algorithms that can't be easily brute forced.
  • Updated - 'Updates' section has been removed since RSFirewall! can be updated through the Joomla! Update Manager for quite some time.
  • Updated - 'RSS Feeds' has been removed since RSFirewall! is not a feed reader and there are plenty of dedicated tools for that.
  • Updated - Filtering results is now updated to use Joomla!'s 'Search Tools' for a more consistent UX.
  • Updated - Reworked some parts of the interface to be consistent across both Joomla! versions.
  • Updated - Removed some old CSS and icons.
  • Updated - Removed support for Microsoft Azure SQL databases.
  • Updated - CAPTCHA now appears at all times (unless IP is whitelisted) if 'Enable CAPTCHA' is set to 'Yes'.
  • Fixed - 'Last run' message was incorrectly showing up after starting the System Check.
  • Fixed - 'Whois' URL was showing up even when not configured.
  • Fixed - In the 'Country Blocking' configuration, the checkboxes from 'Continents' were not consistent with the 'Check All' selections.
  • Fixed - In some cases where translations were missing and the 'System - Language Filter' Plugin was enabled, email alerts were showing as language keys instead of their English fallbacks.
  • Fixed - In some cases uploaded files were not properly scanned for malware.
27 Feb 2020
Version 2.12.5
  • Fixed - The * wildcard can now be used in IPv6 lists.
07 Jan 2020
Version 2.12.4
  • Updated - License key support for downloading the GeoIP Database from MaxMind.
06 Jan 2020
Version 2.12.3
  • Fixed - When the System Plugin was disabled a Fatal Error would occur when trying to empty the log.
09 Dec 2019
Version 2.12.2
  • Updated - SQLI protections improved.
  • Fixed - In some cases false positives were triggered for the RFI protections.
30 Sep 2019
Version 2.12.1
  • Updated - Choose which Google APIs to use during the System Check.
27 Sep 2019
Version 2.12.0
  • Added - Google Web Risk API added as an alternative to the Google Safe Browsing API.
  • Added - Backend Password can now be used as a parameter.
04 Jun 2019
Version 2.11.27
  • Fixed - After disabling the RSFirewall! System Plugin the component was no longer accessible.
21 May 2019
Version 2.11.26
  • Added - Password strength check can now be toggled off from Firewall Configuration - Active Scanner.
  • Updated - Password strength now takes into account the parameters set in Users - Options - Password Options.
  • Updated - Adjusted some checks to not trigger false positives on some files.
  • Updated - System Check now checks if the Backend Password has been enabled.
  • Updated - Removed old Joomla! 2.5 code.
  • Fixed - Additional Backend Password attempts will now lead to an autoban.
23 Jan 2019
Version 2.11.25
  • Fixed - 'Convert email addresses from plain text to images' now only replaces emails from the HTML body.
09 Jan 2019
Version 2.11.24
  • Fixed - In some cases the GeoLite2 Country Database could not be uploaded.
  • Fixed - Some bug fixes to the GeoLite2 library.
07 Jan 2019
Version 2.11.23
  • Fixed - The "System Check" was throwing a false positive for a file from the GeoLite2 library.
07 Jan 2019
Version 2.11.22
  • Updated - Country blocking is now using the GeoLite2 database.
13 Nov 2018
Version 2.11.21
  • Updated - IP address is now included in the subject of the email alerts.
  • Fixed - Table Views are no longer checked in the Database Check because they will halt the check.
  • Fixed - In some cases disable_functions was not returning the correct count.
10 Oct 2018
Version 2.11.20
  • Updated - Email addresses converted to images now have a transparent background.
  • Updated - Email image text color can now be set in Firewall Configuration - Active Scanner.
08 Oct 2018
Version 2.11.19
  • Fixed - A Deprecated Warning would appear on PHP 7.2 due to an outdated library.
  • Fixed - Some files would show up as modified even if you clicked on 'Accept Changes'.
26 Jun 2018
Version 2.11.18
  • Fixed - In some rare cases, a MySQL warning would show up in the logs if BINLOG_FORMAT was set to STATEMENT.
  • Fixed - SimplePie User Agent was incorrectly triggering the Dangerous User Agent protection.
07 May 2018
Version 2.11.17
  • Fixed - An error would occur in the Blacklist/Whitelist area when adding a range or a CIDR IP in the lists.
03 May 2018
Version 2.11.16
  • Added - Can specify new System Check options: Max retries, Pause between retries, toggle MD5 Signatures DB off.
  • Fixed - In some cases the Control Panel Module would timeout due to request parallelization.
19 Apr 2018
Version 2.11.15
  • Fixed - In some cases country flags were not showing up correctly next to IPs.
  • Fixed - IPv6 lookups could lead to malformed URLs due to an incorrect encoding.
22 Mar 2018
Version 2.11.14
  • Fixed - Changing a protected user could generate a Fatal Error if information was stored incorrectly in the database.
16 Mar 2018
Version 2.11.13
  • Fixed - In some cases, emails that were converted to images were disrupting the HTML markup.
19 Feb 2018
Version 2.11.12
  • Added - Joomla! 3.8.5 hashes.
  • Fixed - Update Code was incorrectly reset when uploading a new configuration.
11 Jan 2018
Version 2.11.11
  • Added - Joomla! 3.8.3 hashes.
  • Fixed - In some cases the File Manager could not list folders and files.
  • Fixed - Some filenames with UTF-8 characters were incorrectly seen as threats.
03 Oct 2017
Version 2.11.10
  • Updated - Malware database updated.
  • Updated - Can now grab IP from Cloudflare and Incapsula supplied headers.
  • Updated - Non-core extensions no longer show up as missing when running the System Check.
20 Sep 2017
Version 2.11.9
  • Added - Joomla! 3.8.0 hashes.
  • Updated - Malware database updated with ~10.000 hashes.
  • Fixed - Uninstalling did not remove the Installer Plugin.
  • Fixed - signatures.data.sql files are now deleted because they were causing some hosting provider virus scanners to go off.
18 May 2017
Version 2.11.8
  • Updated - No longer recommending disable_functions to include phpinfo and show_source.
  • Updated - System Check now recommends expose_php to be Off.
  • Updated - Some more explanations in the 'Server Configuration' area.
  • Fixed - 'Log all blocked events' would not take the 'Mozilla' User Agent into account.
  • Fixed - The #__rsfirewall_offenders table was not being pruned causing this table to reach a large size.
04 Apr 2017
Version 2.11.7
  • Updated - Can now remove Mozilla from 'Deny access to the following User Agents' section.
  • Updated - System Check will now display the file modification time for core modified files and malware.
  • Updated - Lockdown options have been moved to a separate tab for better visibility in the Configuration area.
  • Updated -

    22 persons found this article helpful.

    Was this article helpful?

    Yes No
    Sorry about that