It's already set to use PHP7.1, funny so.
One day I'll take a better look at it, thanks.

phpMyAdmin 4.7.4 SQL injection vulnerability
- major
- Thread is marked as Resolved.
-
-
29 Oct 2020
PHP 7.4.12 Released!
The PHP development team announces the immediate availability of PHP 7.4.12. This is a bug fix release.
All PHP 7.4 users are encouraged to upgrade to this version.
For source downloads of PHP 7.4.12 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
29 Oct 2020
PHP 8.0.0 Release Candidate 3 available for testing
The PHP team is pleased to announce the tenth testing release of PHP 8.0.0, Release Candidate 3.
At this time, we're not planning to adjust the GA date, however this may change during the course of the RC cycle. The updated release schedule can, as always, be found on the PHP Wiki page about the PHP 8.0.
For source downloads of PHP 8.0.0 Release Candidate 3 please visit the download page.
Please carefully test this version and report any issues found in the bug reporting system.
Please DO NOT use this version in production, it is an early test version.
For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.
The next release will be the Release Candidate 4, planned for Nov 12 2020.
The signatures for the release can be found in the manifest or on the QA site.
Thank you for helping us make PHP better.
29 Oct 2020
PHP 7.3.24 Released!
The PHP development team announces the immediate availability of PHP 7.3.24. This is a bug fix release.
All PHP 7.3 users are encouraged to upgrade to this version.
For source downloads of PHP 7.3.24 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
-
-
Security updates 1.4.10, 1.3.16 and 1.2.13 released
27 December 2020
We just published security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a recently reported stored XSS vulnerability. The 1.4.10 release also contains a few general improvements from our issue tracker.
Security fix
- Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content
Credits for this finding go to Alex Birnberg.
See the full changelogs in the release notes on the Github download pages for the updated versions 1.4.10, 1.3.16 and 1.2.13.
We strongly recommend to update all productive installations of Roundcube with these new versions.
-
Security update 1.4.11
08 February 2021
We just published a service and security update to the stable version 1.4 of Roundcube Webmail. It provides a fix for a recently reported stored XSS vulnerability as well a some general improvements from our issue tracker.
Security fix
- Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Credits for this finding go to Mateusz Szymaniec (CERT Polska).
See the full changelog in the release notes on the Github download page.
This release is considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from roundcube.net.
Please do backup your data before updating!
-
-
phpMyAdmin 5.1.0-rc2
Released 2021-02-10.
Code- We at the phpMyAdmin project are delighted to offer a release candidate for the upcoming version 5.1.0. This release, phpMyAdmin 5.1.0-rc2, is meant as a testing release before the official release of 5.1.0, and is expected to be the only release candidate before the full release.
- This release will remove support for Microsoft Internet Explorer (Edge continues to be a supported browser).
- There have been several minor fixes since -rc1, most notably fixing a looping condition that can occur when attempting to log in.
- There are many new features and bug fixes; a few highlights include:
- * Improve virtuality dropdown for MariaDB > 10.1
- * Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when editing a table structure
- * Added ip2long transformation
- * Improvements to linking to MySQL and MariaDB documentation
- * Add "Preview SQL" option on Index dialog box when creating a new table
- * Add a new vendor constant "CACHE_DIR" that defaults to "libraries/cache/" and store routing cache into this folder
- * Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
- * Add the password_hash PHP function as an option when inserting data
- * Improvements to editing and displaying columns of the JSON data type.
- * Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']"
- * Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated
- * Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
- * Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network
- * Export blobs as hex on JSON export
- * Fix leading space not shown in a CHAR column when browsing a table
- * Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
- * Fixed missing option to enter TABLE specific permissions when the database name contains an "_" (underscore)
- * Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export
- * Fix for several PHP 8 warnings or errors, giving this release full compatibility with PHP 8
- There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog
- Downloads are available now at https://phpmyadmin.net/downloads/