The phpMyAdmin team is pleased to announce the release of phpMyAdmin
version 4.8.3. Among other bug fixes, this contains a security fix for
an issue that can be exploited when importing files.
A flaw was discovered with how warning messages are displayed while
importing a file. This attack requires a specially-crafted file but can
allow an attacker to trick the user in to executing a cross-site
scripting (XSS) attack. We recommend updating immediately to mitigate
this attack.
In addition to the security fixes, this release also includes these bug
fixes and more as part of our regular release cycle:
* An error where a database is named 0
* Fix for NULL as default not being shown
* Fix for recent tables list
* Fix for slow performance with table filtering
* Two-factor authentication (2FA) fails if the GD PHP library is missing
* Event scheduler toggle does not work
* ERR_BLOCKED_BY_XSS_AUDITOR error when exporting a table
* PHP 7.3 warning: "continue" in "switch" is equal to "break"
And several more. Complete notes are in the ChangeLog file included with
this release.
As always, downloads are available at https://www.phpmyadmin.net/downloads/
