Welcome to the release of phpMyAdmin version 4.9.7 and 5.0.4. These are
bug fix releases to address packaging problems with 4.9.6 and 5.0.3.
Version 5.0.3 includes a few other minor bugs as well.
Fixed in both:
* Two-factor authentication was broken
* Incompatibilities with older PHP versions
Additional fixes in 5.0.3:
* Fix for cleared search values when a Zoom search fails
* Fix a PHP error when reporting a certain JavaScript error
* Fixed latitude and longitude swap for geometries in edit mode
* Fix CREATE TABLE not being tracked when auto tracking is enabled
Sorry for the inconvenience.
This is expected to be the last release of 5.0; we have scheduled 5.1.0
as the next phpMyAdmin release.
This is a reminder that phpMyAdmin 4.9 is in the long-term support phase
where it will only get important security fixes and critical bug fixes.
Users are advised to migrate to version 5.
Downloads are available now at https://phpmyadmin.net/downloads/
For the phpMyAdmin team,
Isaac
Hello,
The phpMyAdmin team announces the release of both phpMyAdmin versions
4.9.6 and 5.0.3.
Both versions contain several important security fixes:
* PMASA-2020-5 XSS vulnerability with transformation feature
* PMASA-2020-6 SQL injection vulnerability with the search feature
In addition, 5.0.3 contains many bugfixes. Some of the highlights include:
* Fix an error message about htmlspecialchars() when attempting to
export XML
* Support double tapping to edit on mobile
* Fix the error message "Use of undefined constant MYSQLI_TYPE_JSON"
when using mysqlnd
* Fix fatal JS error on index creation after using Enter key to submit
the form
* Fix "axis-order" to swap latitude and longitude on MySQL 8.1 or newer
* Fix an error when overwriting an existing query bookmark
* Fix some warnings that appear with PHP 8
* Fix alter user privileges query when editing an account with MySQL
8.0.11 and newer
* Fix issues regarding TIMESTAMP columns with default CURRENT_TIMESTAMP
in MySQL 8.0.13 and newer
* Fix a message that "Warning: error_reporting() has been disabled for
security reasons" on PHP 7.x
There are many other bug fixes; please see the ChangeLog file included
with this release for full details.
Known shortcomings:
Due to changes in the MySQL authentication method, PHP versions prior to
7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests
show the problem actually began with MySQL 8.0.11). This relates to a
PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround,
that is to set your user account to use the current-style password hash
method, `mysql_native_password`. This unfortunate lack of coordination
has caused the incompatibility to affect all PHP applications, not just
phpMyAdmin. For more details, you can see our bug tracker item at
https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest
upgrading your PHP installation to take advantage of the upgraded
authentication methods.
Downloads are available now at https://phpmyadmin.net/downloads/
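The workaround from "Known shortcomings" above, written out as an added SQL example; it is not part of the original announcement or of phpMyAdmin's own code. The account name 'pma_user'@'localhost' and the password are placeholders, and the statements assume an administrative session on a MySQL 8.0 server.

```sql
-- Added example: account name and password below are placeholders.

-- 1. Confirm the server version (the announcement reports the problem
--    beginning with MySQL 8.0.11).
SELECT VERSION();

-- 2. List the authentication plugin of every account. MySQL 8.0 creates
--    accounts with caching_sha2_password by default, which is the method
--    PHP versions prior to 7.4 cannot authenticate with.
SELECT user, host, plugin
FROM mysql.user
ORDER BY user, host;

-- 3. Switch only the account the PHP application connects as, rather than
--    changing the server-wide default, so other accounts keep the newer
--    authentication method.
ALTER USER 'pma_user'@'localhost'
  IDENTIFIED WITH mysql_native_password
  BY 'REPLACE_WITH_A_STRONG_PASSWORD';

-- 4. Verify the change took effect for that one account.
SELECT user, host, plugin
FROM mysql.user
WHERE user = 'pma_user' AND host = 'localhost';

-- 5. After upgrading PHP to 7.4 or newer, move the account back:
-- ALTER USER 'pma_user'@'localhost'
--   IDENTIFIED WITH caching_sha2_password
--   BY 'REPLACE_WITH_A_STRONG_PASSWORD';
```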
Hello,
The phpMyAdmin team is announcing that we are preparing a security fix
which we plan to release Friday, tomorrow, approximately 20-24 hours
from now.
The attack vector requires the attacker to have login access or be able
to trick a victim who has access to a database server. Both the 4.9 and
5.0 branches will be updated.
This announcement is part of our ongoing effort to announce security
releases in advance, when available, and should not be interpreted as
any commentary on the details or severity of any specific vulnerability.
If you have questions or concerns, you can reach me directly or contact
the security team at security(a)phpmyadmin.net.
Isaac for the phpMyAdmin team