phpMyAdmin 4.7.4 SQL injection vulnerability

  • 29 Oct 2020

    PHP 7.4.12 Released!

    The PHP development team announces the immediate availability of PHP 7.4.12. This is a bug fix release.

    All PHP 7.4 users are encouraged to upgrade to this version.

    For source downloads of PHP 7.4.12 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    29 Oct 2020

    PHP 8.0.0 Release Candidate 3 available for testing

    The PHP team is pleased to announce the tenth testing release of PHP 8.0.0, Release Candidate 3.

    At this time, we're not planning to adjust the GA date, however this may change during the course of the RC cycle. The updated release schedule can, as always, be found on the PHP Wiki page about the PHP 8.0.

    For source downloads of PHP 8.0.0 Release Candidate 3 please visit the download page.

    Please carefully test this version and report any issues found in the bug reporting system.

    Please DO NOT use this version in production, it is an early test version.

    For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.

    The next release will be the Release Candidate 4, planned for Nov 12 2020.

    The signatures for the release can be found in the manifest or on the QA site.

    Thank you for helping us make PHP better.

    29 Oct 2020

    PHP 7.3.24 Released!

    The PHP development team announces the immediate availability of PHP 7.3.24. This is a bug fix release.

    All PHP 7.3 users are encouraged to upgrade to this version.

    For source downloads of PHP 7.3.24 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    my System :

    - Distribution: Debian | Release: 9.13 | Codename: wheezy
    - i-MSCP Version: i-MSCP 1.5.3| Build: 20181208 | Codename: Ennio Morricone
    - Plugins installed: ClamAV (v. 1.3.0), Mailgraph (v 1.1.1), OpenDKIM (v 2.0.0), SpamAssassin (v 2.0.1)
    - LetsEncrypt (v3.3.0), PhpSwitcher (v 5.0.5), RoundcubePlugins (v 2.0.2)YubiKeyAuth 1.1.0

  • Security updates 1.4.10, 1.3.16 and 1.2.13 released

    27 December 2020

    We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a recently reported stored XSS vulnerability. The 1.4.10 release also contains a few general improvements from our issue tracker.

    Security fix

    • Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content

    Credits for this finding go to Alex Birnberg.

    See the full changelogs in the release notes on the Github download pages for the updated versions 1.4.10, 1.3.16 and 1.2.13.

    We strongly recommend to update all productive installations of Roundcube with these new versions.



  • Security update 1.4.11


    08 February 2021

    We just published a service and security update to the stable version 1.4 of Roundcube Webmail. It provides a fix for a recently reported stored XSS vulnerability as well as some general improvements from our issue tracker.

    Security fix

    • Fix cross-site scripting (XSS) via HTML messages with malicious CSS content

    Credits for this finding go to Mateusz Szymaniec (CERT Polska).

    See the full changelog in the release notes on the Github download page.

    This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from roundcube.net.

    Please do backup your data before updating!


  • phpMyAdmin 5.1.0-rc2

    Released 2021-02-10.


  • phpMyAdmin 5.1.0 is released

    2021-02-24

    We at the phpMyAdmin project are pleased to publish phpMyAdmin 5.1.0.

    There are many new features and bug fixes; a few highlights include:

    • Improve virtuality dropdown for MariaDB > 10.1
    • Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when editing a table structure
    • Added ip2long transformation
    • Improvements to linking to MySQL and MariaDB documentation
    • Add "Preview SQL" option on Index dialog box when creating a new table
    • Add a new vendor constant "CACHE_DIR" that defaults to "libraries/cache/" and store routing cache into this folder
    • Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
    • Add the password_hash PHP function as an option when inserting data
    • Improvements to editing and displaying columns of the JSON data type.
    • Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']"
    • Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated
    • Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
    • Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network
    • Export blobs as hex on JSON export
    • Fix leading space not shown in a CHAR column when browsing a table
    • Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
    • Fixed missing option to enter TABLE specific permissions when the database name contains an "_" (underscore)
    • Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export
    • Fix for several PHP 8 warnings or errors, giving this release full compatibility with PHP 8

    There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/ma…ndex.php?route=/changelog

    Downloads are available now at https://phpmyadmin.net/downloads/

    Isaac and the phpMyAdmin team


  • Roundcube 1.5 beta released

    25 February 2021

    We proudly announce the beta release for the next major version 1.5 of Roundcube webmail. With this milestone we introduce new features and long-awaited improvements. The most noteworthy additions are:

    • PHP 8.0 support
    • OAuth2/XOauth support
    • Dark mode for Elastic skin
    • Collected recipients and trusted senders
    • Moving recipients between inputs with drag & drop
    • Full unicode support with MySQL database
    • Cache refactoring

    Adding support for PHP 8 required some deep refactoring of the Roundcube codebase which started with early PHP 5 versions. However, this refactoring also was a bit of a cleaning procedure and resulted in more testable components.

    In case you’re running Roundcube directly from source or if you’re not using the complete package, you need to install 3rd party javascript modules using the bin/install-jsdeps.sh script. With this release the toolchain required to build a functional package has changed a bit:

    • bin/jsshrink.sh: replaced google-closure-compiler with UglifyJS
    • bin/cssshrink.sh: replaced yuicompressor with csso
    • Elastic theme: require lessc >= 2.5.2 (and add support for v4) with less-plugin-clean-css

    See the full changelog in the release notes on the Github download page.

    This is a beta release and we recommend to test it on a separate environment. And don’t forget to backup your data before installing it. Download it from roundcube.net.

    We also have some Docker images available for quick testing and evaluation.

