[phpMyAdmin Developers] phpMyAdmin 4.9.6 and 5.0.3 are released

Isaac Bennetch bennetch at gmail.com
Sat Oct 10 10:30:55 CEST 2020


Hello,

The phpMyAdmin team announces the release of both phpMyAdmin versions
4.9.6 and 5.0.3.

Both versions contain several important security fixes:

* PMASA-2020-5 XSS vulnerability with transformation feature
* PMASA-2020-6 SQL injection vulnerability with the search feature

In addition, 5.0.3 contains many bugfixes. Some of the highlights include:

* Fix an error message about htmlspecialchars() when attempting to
export XML
* Support double tapping to edit on mobile
* Fix the error message "Use of undefined constant MYSQLI_TYPE_JSON"
when using mysqlnd
* Fix fatal JS error on index creation after using Enter key to submit
the form
* Fix "axis-order" to swap latitude and longitude on MySQL 8.1 or newer
* Fix an error when overwriting an existing query bookmark
* Fix some warnings that appear with PHP 8
* Fix alter user privileges query when editing an account with MySQL
8.0.11 and newer
* Fix issues regarding TIMESTAMP columns with default CURRENT_TIMESTAMP
in MySQL 8.0.13 and newer
* Fix a message that "Warning: error_reporting() has been disabled for
security reasons" on php 7.x

There are many other bug fixes; please see the ChangeLog file included
with this release for full details.

Known shortcomings:

Due to changes in the MySQL authentication method, PHP versions prior to
7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests
show the problem actually began with MySQL 8.0.11). This relates to a
PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround,
that is to set your user account to use the current-style password hash
method, `mysql_native_password`. This unfortunate lack of coordination
has caused the incompatibility to affect all PHP applications, not just
phpMyAdmin. For more details, you can see our bug tracker item at
https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest
upgrading your PHP installation to take advantage of the upgraded
authentication methods.

Downloads are available now at https://phpmyadmin.net/downloads/
