[phpMyAdmin Developers] Security announcement: phpMyAdmin 4.8.4 is released
Isaac Bennetch
bennetch at gmail.com
Tue Dec 11 15:34:58 CET 2018
The phpMyAdmin team announces the release of phpMyAdmin version 4.8.4.
Among other bug fixes, this contains several important security fixes.
Upgrading is highly recommended for all users.
The security fixes involve:
* Local file inclusion
(https://www.phpmyadmin.net/security/PMASA-2018-6/),
* XSRF/CSRF vulnerabilities allowing a specially-crafted URL to
perform harmful operations
(https://www.phpmyadmin.net/security/PMASA-2018-7/), and
* an XSS vulnerability in the navigation tree
(https://www.phpmyadmin.net/security/PMASA-2018-8/)
In addition to the security fixes, this release also includes these bug
fixes and more as part of our regular release cycle:
* Issue with changing theme
* Ensure that database names with a dot ('.') are handled properly
when DisableIS is true
* Fix for message "Error while copying database (pma__column_info)"
* Move operation causes "SELECT * FROM `undefined`" error
* When logging with $cfg['AuthLog'] to syslog, successful login
messages were not logged when $cfg['AuthLogSuccess'] was true
* Multiple errors and regressions with Designer
And several more. Complete notes are in the ChangeLog file included with
this release.
Note that for this release, we experimented with a pre-release
announcement so that hosting providers and package managers would have
an opportunity to prepare for the security release. If this was helpful
to you or if you have feedback about this technique, please let us know
through the public list developers at phpmyadmin.net or privately at
security at phpmyadmin.net. We may or may not decide use this behavior in
the future and your feedback will help us decide whether it's beneficial
to the community.
As always, downloads are available at https://www.phpmyadmin.net/downloads/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.phpmyadmin.net/pipermail/developers/attachments/20181211/4de8bdce/attachment.sig>
More information about the Developers
mailing list