
The phpMyAdmin team announces the release of versions 4.9.4 and 5.0.1. As a reminder, version 4.x is in the LTS phase, where only security fixes and critical bug fixes are made. Users are suggested to migrate to version 5. These releases address two issues, a problem with two-factor authentication that was introduced with the last releases, and a fix for an SQL injection vulnerability that was reported by CSW Research Labs <https://twitter.com/cswcyberworks>. This vulnerability is assigned PMASA-2020-1 and requires that the attacker have logged in through a valid MySQL account. Known issue: the reported current release version may display incorrectly on the main page (for instance, "Version information: 5.0.1, latest stable version: 4.9.4"). This is expected to be fixed in the next routine bug fix release. Downloads are available at phpmyadmin.net. Happy new year, the phpMyAdmin team