Posts by Speddy

    phpMyAdmin 4.9.10 and 5.1.3 are released

    2022-02-11

    The phpMyAdmin team announces the release of versions 4.9.10 and 5.1.3.

    These versions primarily address a regression that caused the navigation pane to not function correctly when multiple pages of tables were shown.

    Version 5.1.3 includes a security hardening improvement. The issue, reported by Rafael Pedrero, could allow users to cause an error that would reveal the path on disk where phpMyAdmin is running from. We believe this requires the server to be running with display_errors on, which is not the recommended setting for a production environment.

    Version 5.1.3 includes a few other minor bug fixes and is recommended for all users.

    Note that version 4.9 is in extended security support only. Version 5.2.0 is in final testing and is expected to replace the 5.1 branch in the coming week or weeks, with no changes to required versions of PHP or database server.

    PHP 8.1.3 Released!

    The PHP development team announces the immediate availability of PHP 8.1.3. This is a security release.

    All PHP 8.1 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.1.3 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    17 Feb 2022

    PHP 8.0.16 Released!

    The PHP development team announces the immediate availability of PHP 8.0.16. This is a security release.

    All PHP 8.0 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.0.16 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    17 Feb 2022

    PHP 7.4.28 Released!

    The PHP development team announces the immediate availability of PHP 7.4.28. This is a security release.

    All PHP 7.4 users are encouraged to upgrade to this version.

    For source downloads of PHP 7.4.28 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    PHP 8.1.3 Released!

    The PHP development team announces the immediate availability of PHP 8.1.3. This is a security release.

    All PHP 8.1 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.1.3 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    17 Feb 2022

    PHP 8.0.16 Released!

    The PHP development team announces the immediate availability of PHP 8.0.16. This is a security release.

    All PHP 8.0 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.0.16 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    17 Feb 2022

    PHP 7.4.28 Released!

    The PHP development team announces the immediate availability of PHP 7.4.28. This is a security release.

    All PHP 7.4 users are encouraged to upgrade to this version.

    For source downloads of PHP 7.4.28 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    phpMyAdmin 4.9.8, 5.1.2, and 5.2.0-rc1 are released

    2022-01-22

    The phpMyAdmin project announces several new releases:

    • 4.9.8, which fixes some security flaws
    • 5.1.2, which fixes some security flaws and contains many bug fixes including better PHP 8.0 and 8.1 compatibility
    • 5.2.0-rc1, a testing version introducing many new features

    Security fixes (affected versions as noted)

    A flaw was identified in how phpMyAdmin processes two factor authentication; a user could potentially manipulate their account to bypass two factor authentication in subsequent authentication sessions (PMASA-2022-1) (affects both 4.9 and 5.1).

    A series of weaknesses was identified allowing a malicious user to submit malicious information to present an XSS or HTML injection attack in the graphical setup page (PMASA-2022-2) (affects 5.1 only; not 4.9).

    In some scenarios, potentially sensitive information such as a the database name can be part of the URL. This can now be optionally encrypted. There are two new configuration directives relating to this improvement: $cfg['URLQueryEncryption'] and $cfg['URLQueryEncryptionSecretKey']. This encryption can be enabled by setting URLQueryEncryption to true in your config.inc.php. Thanks to Rich Grimes https://twitter.com/saltycoder for suggesting this improvement (affects both 4.9 and 5.1).

    During a failed log on attempt, the error message reveals the target database server's hostname or IP address. This can reveal some information about the network infrastructure to an attacker. This information can now be suppressed through the $cfg['Servers'][$i]['hide_connection_errors'] directive. Thanks to Dr. Shuzhe Yang, Manager Security Governance at GLS IT Services for suggesting this improvement (affects both 4.9 and 5.1).

    Bug fixes (5.1.2 and 5.2.0-rc1)

    • Revert a changed to $cfg['CharTextareaRows'] allow values less than 7
    • Fix encoding of enum and set values on edit value
    • Fixed possible "Undefined index: clause_is_unique" error
    • Fixed some situations where a user is logged out when working with more than one server
    • Fixed a problem with assigning privileges to a user using the multiselect list when the database name has an underscore
    • Enable cookie parameter "SameSite" when the PHP version is 7.3 or newer
    • Correctly handle the removal of "innodb_file_format" in MariaDB and MySQL

    New features (5.2.0-rc1)

    • Removed support for Microsoft Internet Explorer
    • Requires PHP 7.2 or newer
    • Requires the openssl PHP extension
    • Improved handling of system CA bundle and cacert.pem, falling back to Mozilla CA if needed
    • Replace "master/slave" terms with "primary/replica"
    • Add "NOT LIKE %...%" operator to Table search
    • Add support for the Mroonga engine
    • Add support for account locking
    • Several fixes and improvements to the SQL parser library

    There are, of course, many more fixes and new features that you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/ma…ndex.php?route=/changelog

    Downloads are available now at https://phpmyadmin.net/downloads/

    Isaac and the phpMyAdmin team

    21 Jan 2022

    PHP 8.1.2 Released!

    The PHP development team announces the immediate availability of PHP 8.1.2. This is a bug fix release.

    All PHP 8.1 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.1.2 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    20 Jan 2022

    PHP 8.0.15 Released!

    The PHP development team announces the immediate availability of PHP 8.0.15. This is a bug fix release.

    All PHP 8.0 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.0.15 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    17 Dec 2021

    PHP 8.1.1 Released!

    The PHP development team announces the immediate availability of PHP 8.1.1. This is a bug fix release.

    All PHP 8.1 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.1.1 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    16 Dec 2021

    PHP 8.0.14 Released!

    The PHP development team announces the immediate availability of PHP 8.0.14. This is a bug fix release.

    All PHP 8.0 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.0.14 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    21 Jan 2022

    PHP 8.1.2 Released!

    The PHP development team announces the immediate availability of PHP 8.1.2. This is a bug fix release.

    All PHP 8.1 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.1.2 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    20 Jan 2022

    PHP 8.0.15 Released!

    The PHP development team announces the immediate availability of PHP 8.0.15. This is a bug fix release.

    All PHP 8.0 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.0.15 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    17 Dec 2021

    PHP 8.1.1 Released!

    The PHP development team announces the immediate availability of PHP 8.1.1. This is a bug fix release.

    All PHP 8.1 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.1.1 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    16 Dec 2021

    PHP 8.0.14 Released!

    The PHP development team announces the immediate availability of PHP 8.0.14. This is a bug fix release.

    All PHP 8.0 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.0.14 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    17 Dec 2021

    PHP 8.1.1 Released!

    The PHP development team announces the immediate availability of PHP 8.1.1. This is a bug fix release.

    All PHP 8.1 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.1.1 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    16 Dec 2021

    PHP 8.0.14 Released!

    The PHP development team announces the immediate availability of PHP 8.0.14. This is a bug fix release.

    All PHP 8.0 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.0.14 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    16 Dec 2021

    PHP 7.4.27 Released!

    The PHP development team announces the immediate availability of PHP 7.4.27. This is a bug fix release.

    All PHP 7.4 users are encouraged to upgrade to this version.

    For source downloads of PHP 7.4.27 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    25 Nov 2021

    PHP 8.1.0 Released!

    The PHP development team announces the immediate availability of PHP 8.1.0. This release marks the latest minor release of the PHP language.

    PHP 8.1 comes with numerous improvements and new features such as:

    Take a look at the PHP 8.1 Announcement Addendum for more information.

    For source downloads of PHP 8.1.0 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    The migration guide is available in the PHP Manual. Please consult it for the detailed list of new features and backward incompatible changes.

    Many thanks to all the contributors and supporters!

    PHP 8.0.13 Released!

    The PHP development team announces the immediate availability of PHP 8.0.13. This is a security release.

    All PHP 8.0 users are encouraged to upgrade to this version.

    For source downloads of PHP 8.0.13 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    18 Nov 2021

    PHP 7.3.33 Released!

    The PHP development team announces the immediate availability of PHP 7.3.33. This is a security release.

    All PHP 7.3 users are encouraged to upgrade to this version.

    For source downloads of PHP 7.3.33 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

    18 Nov 2021

    PHP 7.4.26 Released!

    The PHP development team announces the immediate availability of PHP 7.4.26. This is a security release.

    All PHP 7.4 users are encouraged to upgrade to this version.

    For source downloads of PHP 7.4.26 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.