Hi,

Patch level 1 of phpMyAdmin 2.6.1 fixes some security problems, along with a few other bugs. A more formal security alert will be posted when ready.
Meanwhile, the phpMyAdmin development team strongly advises an upgrade to phpMyAdmin 2.6.1-pl1, and to also apply the following security measures on your PHP installation (if feasible) by modifying your php.ini configuration file (or virtual host settings):
- set register_globals to Off
- set display_errors to Off
- set log_errors to On
- define the path to your error log with the error_log directive

Both settings are recommended in the PHP documentation on a server running in production. For example: http://www.php.net/manual/en/security.errors.php

However, we suggest you review the impact of those changes before applying them.
Meanwhile, work continues on the development version 2.6.2.
Marc Delisle, for the team.
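
One way to check a php.ini file against the four directives listed above, as an added example that is not part of the original announcement or of phpMyAdmin. The function names and the sample file are constructed for illustration, and the boolean parsing is an approximation of PHP's; the script reads php.ini text only, so values overridden in virtual host settings are not seen.

```python
import re

# Booleans recommended in the announcement; error_log only needs a non-empty path.
RECOMMENDED = {"register_globals": False, "display_errors": False, "log_errors": True}

def parse_php_ini(text):
    """Return {directive: raw value}; a later assignment overrides an earlier one."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[":
            continue  # blank line, comment or section header
        name, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        quoted = re.match(r'"([^"]*)"', value)
        # Unquoted values end at an inline ';' comment.
        value = quoted.group(1) if quoted else value.split(";", 1)[0].strip()
        values[name.strip()] = value
    return values

def is_on(value):
    """Approximate PHP's boolean parsing (assumption: word list plus integer fallback)."""
    v = value.lower()
    if v in ("on", "yes", "true", "stdout", "stderr"):
        return True
    number = re.match(r"[+-]?\d+", v)
    return bool(number) and int(number.group()) != 0

def audit(text):
    """Map each of the four directives to 'ok', 'not set' or the change to make."""
    values = parse_php_ini(text)
    report = {}
    for name, want_on in RECOMMENDED.items():
        if name not in values:
            report[name] = "not set"
        elif is_on(values[name]) == want_on:
            report[name] = "ok"
        else:
            report[name] = "set to " + ("On" if want_on else "Off")
    report["error_log"] = "ok" if values.get("error_log") else "not set"
    return report

# Constructed sample, not taken from a real server.
SAMPLE_INI = """[PHP]
register_globals = On
display_errors = Off   ; hide errors from visitors
log_errors = On
;error_log = /var/log/php_errors.log
"""

if __name__ == "__main__":
    for directive, status in audit(SAMPLE_INI).items():
        print(f"{directive}: {status}")
```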