News

Download

news@phpmyadmin.net

January 2020

1 participants
2 discussions

phpMyAdmin 4.9.4 and 5.0.1 are released
by Isaac Bennetch 07 Jan '20

07 Jan '20

The phpMyAdmin team announces the release of versions 4.9.4 and 5.0.1. As a reminder, version 4.x is in the LTS phase, where only security fixes and critical bug fixes are made. Users are suggested to migrate to version 5. These releases address two issues, a problem with two-factor authentication that was introduced with the last releases, and a fix for an SQL injection vulnerability that was reported by CSW Research Labs <https://twitter.com/cswcyberworks>. This vulnerability is assigned PMASA-2020-1 and requires that the attacker have logged in through a valid MySQL account. Known issue: the reported current release version may display incorrectly on the main page (for instance, "Version information: 5.0.1, latest stable version: 4.9.4"). This is expected to be fixed in the next routine bug fix release. Downloads are available at phpmyadmin.net. Happy new year, the phpMyAdmin team

1 0

phpMyAdmin security pre-release announcement
by Isaac Bennetch 06 Jan '20

06 Jan '20

Hello, The phpMyAdmin team is announcing that we are preparing a security fix which we plan to release tomorrow, approximately 24 hours from now. The attack vector requires that the attacker authenticate through a valid MySQL/MariaDB account. This announcement is part of our ongoing effort to announce security releases in advance, when available, and should not be interpreted as any commentary on the details of any specific vulnerability. If you have questions or concerns, you can reach me directly or contact the security team at security(a)phpmyadmin.net. Isaac for the phpMyAdmin team

1 0