BackWPup release 3.6.9 is available: this release focus mainly on security issues to protect our users and their data.
Together with these changes, following the reports of our users, the development team has corrected some bugs and introduced improvements in order to always offer a flawless back up service.
In this post we provide further information about the changes of this new version.
Do not expose destination data within the manifest file and Update Dropbox Tokens
Before this release, in order to perform a restore, some sensitive data were collected and their management was left to the user.
This was the case also of a Dropbox token that, if not erased, could be used by an eavesdropper to perform unauthorized access to your Dropbox account.
In this new release we changed the process, and sensitive data are not collected anymore: so it is crucial that you update your BackWPup version, not only for security reason, but also because the Dropbox access will not be available anymore with the older versions.
Further details are available here.
Log files name are predictable because of weak hash
A user warned us that the backup process sets the backup naming through a pseudo random algorithm: the effect was that the backup filename was predictable and could help an eavesdropper in intercepting it.
The current release fixes the problem: the process now generates a properly randomized filename, and so it is not anymore predictable. You can sleep peacefully.
Google Drive destination: automatically remove old backup files
A similar issue was spotted in past and fixed, but it seems affecting again the version 3.6.8: even if the user decided to limit the number of backup in his/her Google Drive account, this limitation wasn’t actually performed.
Now the version 3.6.9 corrects the issue and the older backups are automatically deleted by BackWPup, as set by the user in the plugin options.
Changelog for 3.6.9
Here follows the changelog:
- Google Drive destination automatically remove old backup files
- Do not expose destination data within the manifest file
- Update Dropbox Tokens
- Restore error: MIME returns html instead of event stream
- Log files name are predictable because of weak hash
- ZipArchive doesn’t fallback to PclZip in Restore
- Session already started could cause issues during ajax calls
- Wrong vendor include path for PEAR using MS Azure
- Decryption Key prompt when any error occur during the first step of a Restore
- Phone home client notice and php 5 issue with php short echo tag
- mime_content_type function may not exists prevent backup decryption
- Restore Log and produce report for user feedback
- License changed to GPLv2+
Still Problems? Contact us!
Did you find another bug in BackWPup? Please let us know over at Github.
Or do you need support for the free plugin? Please post on our support forum on wordpress.org. We do our best to answer all questions quickly.
If you are a Pro user, please contact us via backwpup.com. We are always working on solving any issues as quickly as possible, but as a Pro user, you get priority support.
Thanks for using BackWPup. We appreciate all our users who find value in our plugin. If you have any suggestions, feel free to let us know.