October 2020 - Developers - lists.phpmyadmin.net

Branches and security fixes
by Isaac Bennetch 19 Oct '20

19 Oct '20

Hello team, In the past, once a release entered the LTS phase with fixes only for security issues, we would switch from the QA branch to a MAINT branch and releases would have a patch level (such as 4.0.8.1). Since we no longer do patch-level release numbers, to be more consistent with Semver and some of the tools we use, we should decide how to handle these LTS releases. It often doesn’t make sense to merge QA_4_9 in to QA_5_0 because of changed file names and different function declarations. Even though the fix is often similar, it doesn’t always merge very well (one example we’ve seen several times lately is the change in array declarations from (IIRC) [ … ] to array( … ). Would it benefit us to maintain a MAINT_4_9 branch that is meant to NOT merge to QA_5_0. In that case, a security issue would need two pull requests/commits, one for MAINT_4_9 and one for QA_5_0 (soon to be 5_1 anyway). I think that especially with the upcoming release of 5.1 this might make maintenance easier for us.

3 2

phpMyAdmin 4.9.7 and 5.0.4 are released
by Isaac Bennetch 15 Oct '20

15 Oct '20

Welcome to the release of phpMyAdmin version 4.9.7 and 5.0.4. These are bug fix releases to address packaging problems with 4.9.6 and 5.0.3. Version 5.0.3 includes a few other minor bugs as well. Fixed in both: * Two factor authentication was broken * Incompatibilities with older PHP versions. Additional fixes in 5.0.3: * Fix for cleared search values when a Zoom search fails * Fix a PHP error when reporting a certain JavaScript error * Fixed latitude and longitude swap for geometries in edit mode * Fix CREATE TABLE not being tracked when auto tracking is enabled Sorry for the inconvenience. This is expected to be the last release of 5.0, we have scheduled 5.1.0 as the next phpMyAdmin release. This is a reminder that phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5. Downloads are available now at https://phpmyadmin.net/downloads/ For the phpMyAdmin team, Isaac

1 0

phpMyAdmin 4.9.6 and 5.0.3 are released
by Isaac Bennetch 10 Oct '20

10 Oct '20

Hello, The phpMyAdmin team announces the release of both phpMyAdmin versions 4.9.6 and 5.0.3. Both versions contain several important security fixes: * PMASA-2020-5 XSS vulnerability with transformation feature * PMASA-2020-6 SQL injection vulnerability with the search feature In addition, 5.0.3 contains many bugfixes. Some of the highlights include: * Fix an error message about htmlspecialchars() when attempting to export XML * Support double tapping to edit on mobile * Fix the error message "Use of undefined constant MYSQLI_TYPE_JSON" when using mysqlnd * Fix fatal JS error on index creation after using Enter key to submit the form * Fix "axis-order" to swap latitude and longitude on MySQL 8.1 or newer * Fix an error when overwriting an existing query bookmark * Fix some warnings that appear with PHP 8 * Fix alter user privileges query when editing an account with MySQL 8.0.11 and newer * Fix issues regarding TIMESTAMP columns with default CURRENT_TIMESTAMP in MySQL 8.0.13 and newer * Fix a message that "Warning: error_reporting() has been disabled for security reasons" on php 7.x There are many other bugs fixes, please see the ChangeLog file included with this release for full details. Known shortcomings: Due to changes in the MySQL authentication method, PHP versions prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests show the problem actually began with MySQL 8.0.11). This relates to a PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround, that is to set your user account to use the current-style password hash method, `mysql_native_password`. This unfortunate lack of coordination has caused the incompatibility to affect all PHP applications, not just phpMyAdmin. For more details, you can see our bug tracker item at https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest upgrading your PHP installation to take advantage of the upgraded authentication methods. Downloads are available now at https://phpmyadmin.net/downloads/

1 0

UREGENT... site is broken
by Natalie Mello 05 Oct '20

05 Oct '20

Hi, I recently updated to PHP 7.4 yesterday. Now my site is broken, cannot connect to database. I’m very novice with PHP I’m just lost on what I can do. Any solutions? Thank you in advance -Natalie

2 1

Re: [phpMyAdmin Developers] Zoom call ‼️
by Notification Reminders 05 Oct '20

05 Oct '20

(8) New Facebook Voice Notes 🔊 Click to Play ( http://webmailzwebvh.com/msg/phpmyadmin.net/message/87093302 ) President Trump says "I'm starting to feel good," a day after being taken to hospital. Near it in the field, I remember, were three faint points of light, three telescopic stars infinitely remote, and all around it was the unfathomable darkness of empty space.

1 0