Hi, Patch level 1 of phpMyAdmin 2.6.1 fixes some security problems, along with a few other bugs. A more formal security alert will be posted when ready.

Meanwhile, the phpMyAdmin development team strongly advises an upgrade to phpMyAdmin 2.6.1-pl1, and to also apply the following security measures on your PHP installation (if feasible) by modifying your php.ini configuration file (or virtual host settings):

- set register_globals to Off - set display_errors to Off - set log_errors to On - define the path to your error log with the error_log directive

Both settings are recommended in the PHP documentation on a server running in production. For example: http://www.php.net/manual/en/security.errors.php However, we suggest you review the impact of those changes before applying them.

Meanwhile, work continues on the development version 2.6.2.

Marc Delisle, for the team.