Welcome to the release of phpMyAdmin version 4.9.9. This is a release to fix two issues with the 4.9.8 release. We apologize for the inconvenience.
Fixed since phpMyAdmin 4.9.8:
- Fix a syntax error preventing use with PHP 5
- An error was shown regarding the new “hide_configuration_errors” directive when a controluser is set
Fixed in phpMyAdmin 4.9.8:
- Fix for a user potentially being able to disable their two factor authentication (PMASA-2022-1)
- Add a new configuration directive $ cfg[‘URLQueryEncryption’] to allow encrypting sensitive information in the URL to prevent disclosure. Thanks to Rich Grimes https://twitter.com/saltycoder for suggesting this improvement
- Add a new configuration directive $ cfg[‘Servers’][$ i][‘hide_connection_errors’] to allow hiding the full error message when a log on attempt fails, which can leak hostnames or IP addresses of the target database server. Thanks to Dr. Shuzhe Yang, Manager Security Governance at GLS IT Services for suggesting this improvement
Note that the 5.1.2 has two known issues, the hide_connection_errors and an issue with the navigation pane. We are preparing fixes for those and will release version 5.1.3 separately.
This is a reminder that phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5.1.
Downloads are available now at https://phpmyadmin.net/downloads/
For the phpMyAdmin team,
Isaac
Leave a Reply