[phpMyAdmin News] phpMyAdmin 4.9.9 is released

Isaac Bennetch bennetch at gmail.com
Sun Jan 23 05:47:09 CET 2022


Welcome to the release of phpMyAdmin version 4.9.9. This is a release to
fix two issues with the 4.9.8 release. We apologize for the inconvenience.

Fixed since phpMyAdmin 4.9.8:

* Fix a syntax error preventing use with PHP 5
* An error was shown regarding the new "hide_configuration_errors"
directive when a controluser is set

Fixed in phpMyAdmin 4.9.8:

* Fix for a user potentially being able to disable their two factor
authentication (PMASA-2022-1)
* Add a new configuration directive $cfg['URLQueryEncryption'] to allow
encrypting sensitive information in the URL to prevent disclosure.
Thanks to Rich Grimes <https://twitter.com/saltycoder> for suggesting
this improvement
* Add a new configuration directive
$cfg['Servers'][$i]['hide_connection_errors'] to allow hiding the full
error message when a log on attempt fails, which can leak hostnames or
IP addresses of the target database server. Thanks to Dr. Shuzhe Yang,
Manager Security Governance at GLS IT Services for suggesting this
improvement

Note that the 5.1.2 has two known issues, the hide_connection_errors and
an issue with the navigation pane. We are preparing fixes for those and
will release version 5.1.3 separately.

This is a reminder that phpMyAdmin 4.9 is in the long-term support phase
where it will only get important security fixes and critical bug fixes.
Users are suggested to migrate to version 5.1.

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.phpmyadmin.net/pipermail/news/attachments/20220122/df7c4afa/attachment.sig>


More information about the News mailing list