Security fix: phpMyAdmin 4.7.8 is released

  • 2018-02-20
    Welcome to phpMyAdmin 4.7.8, a security release also containing regular maintenance bug fixes.
    The security fix relates to a self-XSS vulnerability in the central columns feature that is reported as PMASA-2018-1 https://www.phpmyadmin.net/security/PMASA-2018-1/. Thanks to Mayur Udiniya https://www.linkedin.com/in/mayur-udiniya-09247b129/ for finding and responsibly disclosing this flaw.
    We recommend all users upgrade to resolve this security problem.
    A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.
    Notable changes since 4.7.7:

    • Fixed error handling with PHP 7.2
    • Fixed resetting default setting values
    • Fixed fallback value for collation connection

    Additionally, there have been continuous improvements to many of the translations. If you don't see your language or find a problem, you can contribute too; see https://www.phpmyadmin.net/translate/ for details.
    As always, downloads are available at https://www.phpmyadmin.net
    Thanks to our sponsors for helping to make this work possible!
    The phpMyAdmin Team

    my System :



    - Distribution: Debian | Release: 9.8 | Codename: wheezy
    - i-MSCP Version: i-MSCP 1.5.3| Build: 20181208 | Codename: Ennio Morricone
    - Plugins installed: ClamAV (v. 1.2.1), Mailgraph (v 1.1.1), OpenDKIM (v 1.1.3), PanelRedirect (v 1.1.5) & SpamAssassin (v 1.1.1)
    - LetsEncrypt (v3.3.0), PhpSwitcher (v 4.0.1), RoundcubePlugins (v 2.0.1)

  • Security fix: phpMyAdmin 4.8.3 is released

    2018-08-22

    The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains a security fix for an issue that can be exploited when importing files.

    A flaw was discovered with how warning messages are displayed while importing a file. This attack requires a specially-crafted file but can allow an attacker to trick the user into executing a cross-site scripting (XSS) attack. We recommend updating immediately to mitigate this attack.

    In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

    • An error where a database is named 0
    • Fix for NULL as default not being shown
    • Fix for recent tables list
    • Fix for slow performance with table filtering
    • Two-factor authentication (2FA) fails if the GD PHP library is missing
    • Event scheduler toggle does not work
    • ERR_BLOCKED_BY_XSS_AUDITOR error when exporting a table
    • PHP 7.3 warning: "continue" in "switch" is equal to "break"

    And several more. Complete notes are in the ChangeLog file included with this release.

    As always, downloads are available at https://www.phpmyadmin.net/downloads/
