Welcome to the release of phpMyAdmin version 5.2.2, the "I should have
released this sooner" release. This is primarily a bugfix release but
also contains a few security fixes as noted below.

- fix possible security issue in sql-parser which could cause long
execution times that could create a DOS attack (thanks to Maximilian
Krög <https://github.com/MoonE>)
- fix an XSS vulnerability in the check tables feature (PMASA-2025-1,
thanks to bluebird <https://github.com/blue-bird1>)
- fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to
frequent contributor Kamil Tekiela <https://github.com/kamil-tekiela>)
- fix possible security issue with library code slim/psr7 (CVE-2023-30536)
- fix possible security issue relating to iconv (CVE-2024-2961,
PMASA-2025-3)
- fix a full path disclosure in the Monitoring tab
- issue #18268 Fix UI issue the theme manager is disabled
- issue Allow opening server breadcrumb links in new tab with
Ctrl/Meta key
- issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent
cookie smuggling
- issue #18106 Fix renaming database with a view
- issue #18120 Fix bug with numerical tables during renaming database
- issue #16851 Fix ($cfg['Order']) default column order doesn't have
any effect since phpMyAdmin 4.2.0
- issue #18258 Speed improvements when exporting a database
- issue #18769 Improved collations support for MariaDB 10.10

There are many, many more fixes that you can see in the ChangeLog file
included with this release or online at
https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_2_2/ChangeLog

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac