=====================================================================
                             CERT-Renater

                 Information Note No. 2010/VULN556
_____________________________________________________________________

DATE                  : 20/12/2010

HARDWARE PLATFORM(S)  : /

OPERATING SYSTEM(S)   : Systems running Admin Tools Core, Admin Tools
                        Professional versions prior to 1.1.

======================================================================
http://www.akeebabackup.com/home/item/929-security-release-admin-tools-1-1.html
______________________________________________________________________

Security release: Admin Tools 1.1

We are pleased to announce that Admin Tools Core and Admin Tools
Professional version 1.1 was just released. This release fixes medium
priority security issues and adds new features. It is also the first
release which has been thoroughly tested against Joomla! 1.6 RC1.

This release addresses security issues. All users are advised to
upgrade immediately.

Major highlights of this release:

* Fixed medium priority XSS and CSRF vulnerabilities in the back-end.
  Thank you Jeff Channell for reporting them!
* New one-click security hardening features: change your database
  table prefix, change your Super Admin user so as not to use unsafe
  ID 62/42.
* You can change your database collation with a single click.
* Automatic link migration: absolute URLs pointing to an old domain
  can be rewritten on-the-fly to point to your new domain. Very useful
  when you move your site between domains or between a local testing
  server and your live server.
* Full Joomla! 1.6 compatibility. Admin Tools can be installed on
  Joomla! 1.6 RC1 and takes into account the new ACL feature in the
  upcoming Joomla! release. Furthermore, it makes use of Joomla!'s
  extensions update feature to notify you of updates. Professional
  subscribers will still have to use the updater integrated in the
  component as the download package is protected by username and
  password.
* International by default: translations for 10 major languages
  out-of-the-box.

You can download the software from our Downloads page. If you are an
ATPRO or AKEEBADELUXE subscriber, make sure that you have logged in to
the site before attempting to access the downloads page, otherwise you
won't be able to see and download the Professional release.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |    tel : 01-53-94-20-44       +
+ 23 - 25 Rue Daviel    |    fax : 01-53-94-20-41       +
+ 75013 Paris           |    email: certsvp@renater.fr  +
=========================================================