Welcome to the release of phpMyAdmin version 5.2.0. This release
contains many new features and quite a few bug fixes. Simultaneously, we
are releasing phpMyAdmin 5.1.4, which is the last release of the 5.1
line and is intended to help downstream packaging teams.
Most notably, these releases resolve a networking error when exporting a
file (https://github.com/phpmyadmin/phpmyadmin/issues/17445).
Some highlights of 5.2.0 include:
* Removed support for Microsoft Internet Explorer
* Requires PHP 7.2 or newer
* Requires the openssl PHP extension
* Improved handling of system CA bundle and cacert.pem, falling back to
Mozilla CA if needed
* Replace "master/slave" terms with "primary/replica"
* Add "NOT LIKE %...%" operator to Table search
* Add support for the Mroonga engine
* Add support for account locking
* Several fixes and improvements to the SQL parser library
There are, of course, many more fixes and new features that you can see
in the ChangeLog file included with this release or online at
https://demo.phpmyadmin.net/master-config/index.php?route=/changelog
Downloads are available now at https://phpmyadmin.net/downloads/
For the phpMyAdmin team,
Isaac
The phpMyAdmin team announces the release of versions 4.9.10 and 5.1.3.
These versions primarily address a regression that caused the navigation
pane to not function correctly when multiple pages of tables were shown.
Version 5.1.3 includes a security hardening improvement. The issue,
reported by Rafael Pedrero, could allow users to cause an error that
would reveal the path on disk where phpMyAdmin is running from.
We believe this requires the server to be running with display_errors
on, which is not the recommended setting for a production environment.
Version 5.1.3 includes a few other minor bug fixes and is recommended
for all users.
Note that version 4.9 is in extended security support only. Version
5.2.0 is in final testing and is expected to replace the 5.1 branch in
the coming week or weeks, with no changes to required versions of PHP or
database server.
For the phpMyAdmin team,
Isaac
Welcome to the release of phpMyAdmin version 4.9.9. This is a release to
fix two issues with the 4.9.8 release. We apologize for the inconvenience.
Fixed since phpMyAdmin 4.9.8:
* Fix a syntax error preventing use with PHP 5
* An error was shown regarding the new "hide_configuration_errors"
directive when a controluser is set
Fixed in phpMyAdmin 4.9.8:
* Fix for a user potentially being able to disable their two factor
authentication (PMASA-2022-1)
* Add a new configuration directive $cfg['URLQueryEncryption'] to allow
encrypting sensitive information in the URL to prevent disclosure.
Thanks to Rich Grimes <https://twitter.com/saltycoder> for suggesting
this improvement
* Add a new configuration directive
$cfg['Servers'][$i]['hide_connection_errors'] to allow hiding the full
error message when a log on attempt fails, which can leak hostnames or
IP addresses of the target database server. Thanks to Dr. Shuzhe Yang,
Manager Security Governance at GLS IT Services for suggesting this
improvement
Note that 5.1.2 has two known issues, the hide_connection_errors and
an issue with the navigation pane. We are preparing fixes for those and
will release version 5.1.3 separately.
This is a reminder that phpMyAdmin 4.9 is in the long-term support phase
where it will only get important security fixes and critical bug fixes.
Users are suggested to migrate to version 5.1.
Downloads are available now at https://phpmyadmin.net/downloads/
For the phpMyAdmin team,
Isaac
The phpMyAdmin project announces several new releases:
* 4.9.8, which fixes some security flaws
* 5.1.2, which fixes some security flaws and contains many bug fixes
including better PHP 8.0 and 8.1 compatibility
* 5.2.0-rc1, a testing version introducing many new features
## Security fixes (affected versions as noted)
A flaw was identified in how phpMyAdmin processes two factor
authentication; a user could potentially manipulate their account to
bypass two factor authentication in subsequent authentication sessions
(PMASA-2022-1) (affects both 4.9 and 5.1).
A series of weaknesses was identified allowing a malicious user to
submit malicious information to present an XSS or HTML injection attack
in the graphical setup page (PMASA-2022-2) (affects 5.1 only; not 4.9).
In some scenarios, potentially sensitive information such as the
database name can be part of the URL. This can now be optionally
encrypted. There are two new configuration directives relating to this
improvement: `$cfg['URLQueryEncryption']` and
`$cfg['URLQueryEncryptionSecretKey']`. This encryption can be enabled by
setting URLQueryEncryption to true in your `config.inc.php`. Thanks to
Rich Grimes <https://twitter.com/saltycoder> for suggesting this
improvement (affects both 4.9 and 5.1).
During a failed log on attempt, the error message reveals the target
database server's hostname or IP address. This can reveal some
information about the network infrastructure to an attacker. This
information can now be suppressed through the
`$cfg['Servers'][$i]['hide_connection_errors']` directive. Thanks to Dr.
Shuzhe Yang, Manager Security Governance at GLS IT Services for
suggesting this improvement (affects both 4.9 and 5.1).
## Bug fixes (5.1.2 and 5.2.0-rc1)
* Revert a change to $cfg['CharTextareaRows']; allow values less than 7
* Fix encoding of enum and set values on edit value
* Fixed possible "Undefined index: clause_is_unique" error
* Fixed some situations where a user is logged out when working with
more than one server
* Fixed a problem with assigning privileges to a user using the
multiselect list when the database name has an underscore
* Enable cookie parameter "SameSite" when the PHP version is 7.3 or newer
* Correctly handle the removal of "innodb_file_format" in MariaDB and MySQL
## New features (5.2.0-rc1)
* Removed support for Microsoft Internet Explorer
* Requires PHP 7.2 or newer
* Requires the openssl PHP extension
* Improved handling of system CA bundle and cacert.pem, falling back to
Mozilla CA if needed
* Replace "master/slave" terms with "primary/replica"
* Add "NOT LIKE %...%" operator to Table search
* Add support for the Mroonga engine
* Add support for account locking
* Several fixes and improvements to the SQL parser library
There are, of course, many more fixes and new features that you can see
in the ChangeLog file included with this release or online at
<https://demo.phpmyadmin.net/master-config/index.php?route=/changelog>
Downloads are available now at <https://phpmyadmin.net/downloads/>
Isaac and the phpMyAdmin team
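As an added example (not part of the announcement and not phpMyAdmin code), the PHP script below audits a config.inc.php for the two opt-in directives described above, plus the display_errors setting mentioned in the 4.9.10/5.1.3 announcement. The function names and the sample configuration are hypothetical and constructed for illustration.

```php
<?php
// Added example (not phpMyAdmin code): audit a config.inc.php for the
// directives named in the announcement. Function names are hypothetical.

/** Return findings for a $cfg array plus a PHP display_errors value. */
function audit_pma_config(array $cfg, string $displayErrors): array
{
    $findings = [];

    // URL query encryption is opt-in; unset or false means it is off.
    if (empty($cfg['URLQueryEncryption'])) {
        $findings[] = "URLQueryEncryption is not enabled";
    }

    // hide_connection_errors is a per-server directive, so check every entry.
    foreach ($cfg['Servers'] ?? [] as $i => $server) {
        if (empty($server['hide_connection_errors'])) {
            $host = $server['host'] ?? '(no host set)';
            $findings[] = "Servers[$i] ($host): hide_connection_errors is not enabled";
        }
    }

    // display_errors may be "1", "On", "stderr", "0", "Off" or "".
    $value = strtolower(trim($displayErrors));
    if ($value === 'stderr' || filter_var($value, FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = "display_errors is enabled ($displayErrors)";
    }

    return $findings;
}

/** Load $cfg from a config file inside an isolated function scope. */
function load_pma_config(string $path): array
{
    $cfg = [];
    require $path; // this executes the file, so audit only your own config
    return $cfg;
}

// Usage: php audit.php /path/to/config.inc.php [display_errors value]
// Without arguments, a constructed sample config is audited instead.
$cfg = isset($argv[1]) ? load_pma_config($argv[1]) : [
    'URLQueryEncryption' => true,
    'Servers' => [1 => ['host' => 'db.example.internal']],
];
$displayErrors = $argv[2] ?? (string) ini_get('display_errors');
foreach (audit_pma_config($cfg, $displayErrors) as $finding) {
    echo "[!] $finding\n";
}
```

The command-line PHP binary often reads a different php.ini than the web server, so pass the web server's display_errors value as the second argument when the two differ.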
We at the phpMyAdmin project are pleased to release phpMyAdmin 5.1.1, a
bugfix release.
There are many new bug fixes; a few highlights include:
* Fixes for several PHP errors
* Fixes for "$cfg['DefaultTabDatabase']" and other related configuration
directives not working properly
* Fix Yaml export to quote strings even when they are numeric
* Fix TCPDF open_basedir issue due to internal guessing code from TCPDF
* Fix for quick search not working when using more than one configured
server
* Fix datetime decimals displayed (.00000) after edit
* Fix new lines in text fields are doubled
* Fixed URL generation by removing un-needed &amp; escaping for & char
* Improvements for working with PHP 8.1
* Improved handling of adding a new user with the Percona database server
There are, of course, many more fixes you can see in the ChangeLog file
included with this release or online at
https://demo.phpmyadmin.net/master-config/index.php?route=/changelog
Downloads are available now at https://phpmyadmin.net/downloads/
Isaac and the phpMyAdmin team
We at the phpMyAdmin project are pleased to publish phpMyAdmin 5.1.0.
There are many new features and bug fixes; a few highlights include:
* Improve virtuality dropdown for MariaDB > 10.1
* Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when
editing a table structure
* Added ip2long transformation
* Improvements to linking to MySQL and MariaDB documentation
* Add "Preview SQL" option on Index dialog box when creating a new table
* Add a new vendor constant "CACHE_DIR" that defaults to
"libraries/cache/" and store routing cache into this folder
* Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
* Add the password_hash PHP function as an option when inserting data
* Improvements to editing and displaying columns of the JSON data type.
* Added support for "SameSite=Strict" on cookies using configuration
"$cfg['CookieSameSite']"
* Fixed AWS RDS IAM authentication doesn't work because pma_password is
truncated
* Add config parameters to support third-party ReCaptcha v2 compatible
APIs like hCaptcha
* Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when
ssl is not used on a private network
* Export blobs as hex on JSON export
* Fix leading space not shown in a CHAR column when browsing a table
* Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and
MariaDB >= 10.5.2)
* Fixed missing option to enter TABLE specific permissions when the
database name contains an "_" (underscore)
* Fixed a PHP notice "Trying to access array offset on value of type
null" on Designer PDF export
* Fix for several PHP 8 warnings or errors, giving this release full
compatibility with PHP 8
There are, of course, many more fixes you can see in the ChangeLog file
included with this release or online at
https://demo.phpmyadmin.net/master-config/index.php?route=/changelog
Downloads are available now at https://phpmyadmin.net/downloads/
Isaac and the phpMyAdmin team
Hi,
We at the phpMyAdmin project are delighted to offer a release candidate
for the upcoming version 5.1.0. This release, phpMyAdmin 5.1.0-rc1, is
meant as a testing release before the official release of 5.1.0, and is
expected to be the only release candidate before the full release.
There are many new features and bug fixes; a few highlights include:
* Improve virtuality dropdown for MariaDB > 10.1
* Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when
editing a table structure
* Added ip2long transformation
* Improvements to linking to MySQL and MariaDB documentation
* Add "Preview SQL" option on Index dialog box when creating a new table
* Add a new vendor constant "CACHE_DIR" that defaults to
"libraries/cache/" and store routing cache into this folder
* Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
* Add the password_hash PHP function as an option when inserting data
* Improvements to editing and displaying columns of the JSON data type.
* Added support for "SameSite=Strict" on cookies using configuration
"$cfg['CookieSameSite']"
* Fixed AWS RDS IAM authentication doesn't work because pma_password is
truncated
* Add config parameters to support third-party ReCaptcha v2 compatible
APIs like hCaptcha
* Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when
ssl is not used on a private network
* Export blobs as hex on JSON export
* Fix leading space not shown in a CHAR column when browsing a table
* Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and
MariaDB >= 10.5.2)
* Fixed missing option to enter TABLE specific permissions when the
database name contains an "_" (underscore)
* Fixed a PHP notice "Trying to access array offset on value of type
null" on Designer PDF export
* Fix for several PHP 8 warnings or errors, giving this release full
compatibility with PHP 8
There are, of course, many more fixes you can see in the ChangeLog file
included with this release or online at
https://demo.phpmyadmin.net/master-config/index.php?route=/changelog
Downloads are available now at https://phpmyadmin.net/downloads/
Isaac for the phpMyAdmin team
Welcome to the release of phpMyAdmin version 4.9.7 and 5.0.4. These are
bug fix releases to address packaging problems with 4.9.6 and 5.0.3.
Version 5.0.3 includes a few other minor bugs as well.
Fixed in both:
* Two factor authentication was broken
* Incompatibilities with older PHP versions.
Additional fixes in 5.0.3:
* Fix for cleared search values when a Zoom search fails
* Fix a PHP error when reporting a certain JavaScript error
* Fixed latitude and longitude swap for geometries in edit mode
* Fix CREATE TABLE not being tracked when auto tracking is enabled
Sorry for the inconvenience.
This is expected to be the last release of 5.0; we have scheduled 5.1.0
as the next phpMyAdmin release.
This is a reminder that phpMyAdmin 4.9 is in the long-term support phase
where it will only get important security fixes and critical bug fixes.
Users are suggested to migrate to version 5.
Downloads are available now at https://phpmyadmin.net/downloads/
For the phpMyAdmin team,
Isaac
Hello,
The phpMyAdmin team announces the release of both phpMyAdmin versions
4.9.6 and 5.0.3.
Both versions contain several important security fixes:
* PMASA-2020-5 XSS vulnerability with transformation feature
* PMASA-2020-6 SQL injection vulnerability with the search feature
In addition, 5.0.3 contains many bugfixes. Some of the highlights include:
* Fix an error message about htmlspecialchars() when attempting to
export XML
* Support double tapping to edit on mobile
* Fix the error message "Use of undefined constant MYSQLI_TYPE_JSON"
when using mysqlnd
* Fix fatal JS error on index creation after using Enter key to submit
the form
* Fix "axis-order" to swap latitude and longitude on MySQL 8.1 or newer
* Fix an error when overwriting an existing query bookmark
* Fix some warnings that appear with PHP 8
* Fix alter user privileges query when editing an account with MySQL
8.0.11 and newer
* Fix issues regarding TIMESTAMP columns with default CURRENT_TIMESTAMP
in MySQL 8.0.13 and newer
* Fix a message that "Warning: error_reporting() has been disabled for
security reasons" on php 7.x
There are many other bug fixes, please see the ChangeLog file included
with this release for full details.
Known shortcomings:
Due to changes in the MySQL authentication method, PHP versions prior to
7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests
show the problem actually began with MySQL 8.0.11). This relates to a
PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround,
that is to set your user account to use the current-style password hash
method, `mysql_native_password`. This unfortunate lack of coordination
has caused the incompatibility to affect all PHP applications, not just
phpMyAdmin. For more details, you can see our bug tracker item at
https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest
upgrading your PHP installation to take advantage of the upgraded
authentication methods.
Downloads are available now at https://phpmyadmin.net/downloads/
Hello,
The phpMyAdmin team is announcing that we are preparing a security fix
which we plan to release Friday, tomorrow, approximately 20-24 hours
from now.
The attack vector requires the attacker to have login access or be able
to trick a victim who has access to a database server. Both the 4.9 and
5.0 branches will be updated.
This announcement is part of our ongoing effort to announce security
releases in advance, when available, and should not be interpreted as
any commentary on the details or severity of any specific vulnerability.
If you have questions or concerns, you can reach me directly or contact
the security team at security(a)phpmyadmin.net.
Isaac for the phpMyAdmin team