Hosting-new.com

Hébergement web, cloud et solutions personnalisées

Phpmyadmin

Infrastructure security improvements

by Leave a Comment

Linux Cpanel shared hosting: 600 GB disk space, 6 TB bandwidth, free domain, unlimited databases and ftp accounts, web hosting cheap and pro at Hostony

The infrastructure team would like to acknowledge the work of security researcher Joël Aviad Ossi from pentest in helping us improve some security weaknesses in our infrastructure. No user data was at risk nor were our downloads vulnerable at any time; this is simply a note of appreciation rather than a disclosure.

Linux Cpanel shared hosting: 600 GB disk space, 6 TB bandwidth, free domain, unlimited databases and ftp accounts, web hosting cheap and pro at Hostony

Thanks Joël for your assistance. Anyone with security concerns about the project is always welcome to contact the team directly through the email link at https://www.phpmyadmin.net/security/.

phpMyAdmin news

Linux Cpanel shared hosting: 600 GB disk space, 6 TB bandwidth, free domain, unlimited databases and ftp accounts, web hosting cheap and pro at Hostony

phpMyAdmin 5.1.1 is released

by Leave a Comment

We at the phpMyAdmin project are pleased to release phpMyAdmin 5.1.1, a bugfix release.

There are many new bug fixes; a few highlights include:

  • Fixes for several PHP errors
  • Fixes for “$ cfg[‘DefaultTabDatabase’]” and other related configuration directives not working properly
  • Fix Yaml export to quote strings even when they are numeric
  • Fix TCPDF open_basedir issue due to internal guessing code from TCPDF
  • Fix for quick search not working when using more than one configured server
  • Fix datetime decimals displayed (.00000) after edit
  • Fix new lines in text fields are doubled
  • Fixed URL generation by removing un-needed & escaping for & char
  • Improvements for working with PHP 8.1
  • Improved handling of adding a new user with the Percona database server

There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

Isaac and the phpMyAdmin team

phpMyAdmin news

phpMyAdmin 5.1.0 is released

by Leave a Comment

We at the phpMyAdmin project are pleased to publish phpMyAdmin 5.1.0.

There are many new features and bug fixes; a few highlights include:

  • Improve virtuality dropdown for MariaDB > 10.1
  • Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when editing a table structure
  • Added ip2long transformation
  • Improvements to linking to MySQL and MariaDB documentation
  • Add “Preview SQL” option on Index dialog box when creating a new table
  • Add a new vendor constant “CACHE_DIR” that defaults to “libraries/cache/” and store routing cache into this folder
  • Add $ cfg[‘CaptchaSiteVerifyURL’] for Google ReCaptcha siteVerifyUrl
  • Add the password_hash PHP function as an option when inserting data
  • Improvements to editing and displaying columns of the JSON data type.
  • Added support for “SameSite=Strict” on cookies using configuration “$ cfg[‘CookieSameSite’]”
  • Fixed AWS RDS IAM authentication doesn’t work because pma_password is truncated
  • Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
  • Add $ cfg[‘MysqlSslWarningSafeHosts’] to set the red text black when ssl is not used on a private network
  • Export blobs as hex on JSON export
  • Fix leading space not shown in a CHAR column when browsing a table
  • Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
  • Fixed missing option to enter TABLE specific permissions when the database name contains an “_” (underscore)
  • Fixed a PHP notice “Trying to access array offset on value of type null” on Designer PDF export
  • Fix for several PHP 8 warnings or errors, giving this release full compatibility with PHP 8

There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

Isaac and the phpMyAdmin team

phpMyAdmin news

phpMyAdmin 4.9.7 and 5.0.4 are released

by Leave a Comment

Welcome to the release of phpMyAdmin version 4.9.7 and 5.0.4. These are bug fix releases to address packaging problems with 4.9.6 and 5.0.3. Version 5.0.3 includes a few other minor bugs as well.

Fixed in both:

  • Two factor authentication was broken
  • Incompatibilities with older PHP versions.

Additional fixes in 5.0.3:

  • Fix for cleared search values when a Zoom search fails
  • Fix a PHP error when reporting a certain JavaScript error
  • Fixed latitude and longitude swap for geometries in edit mode
  • Fix CREATE TABLE not being tracked when auto tracking is enabled

Sorry for the inconvenience.

This is expected to be the last release of 5.0, we have scheduled 5.1.0 as the next phpMyAdmin release.

This is a reminder that phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5.

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

phpMyAdmin news

phpMyAdmin 4.9.6 and 5.0.3 are released

by Leave a Comment

Hello,

The phpMyAdmin team announces the release of both phpMyAdmin versions 4.9.6 and 5.0.3.

Both versions contain several important security fixes:

  • PMASA-2020-5 XSS vulnerability with transformation feature
  • PMASA-2020-6 SQL injection vulnerability with the search feature

In addition, 5.0.3 contains many bugfixes. Some of the highlights include:

  • Fix an error message about htmlspecialchars() when attempting to export XML
  • Support double tapping to edit on mobile
  • Fix the error message “Use of undefined constant MYSQLI_TYPE_JSON” when using mysqlnd
  • Fix fatal JS error on index creation after using Enter key to submit the form
  • Fix “axis-order” to swap latitude and longitude on MySQL 8.1 or newer
  • Fix an error when overwriting an existing query bookmark
  • Fix some warnings that appear with PHP 8
  • Fix alter user privileges query when editing an account with MySQL 8.0.11 and newer
  • Fix issues regarding TIMESTAMP columns with default CURRENT_TIMESTAMP in MySQL 8.0.13 and newer
  • Fix a message that “Warning: error_reporting() has been disabled for security reasons” on php 7.x

There are many other bugs fixes, please see the ChangeLog file included with this release for full details.

Known shortcomings:

Due to changes in the MySQL authentication method, PHP versions prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests show the problem actually began with MySQL 8.0.11). This relates to a PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround, that is to set your user account to use the current-style password hash method, mysql_native_password. This unfortunate lack of coordination has caused the incompatibility to affect all PHP applications, not just phpMyAdmin. For more details, you can see our bug tracker item at https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest upgrading your PHP installation to take advantage of the upgraded authentication methods.

Downloads are available now at https://phpmyadmin.net/downloads/

phpMyAdmin news

phpMyAdmin 4.9.5 and 5.0.2 are released

by Leave a Comment

Hello,

The phpMyAdmin team announces the release of both 4.9.5 and 5.0.2.

Both versions contain several security fixes:

  • PMASA-2020-2 SQL injection vulnerability in the user accounts page,
    particularly when changing a password
  • PMASA-2020-3 SQL injection vulnerability relating to the search feature
  • PMASA-2020-4 SQL injection and XSS having to do with displaying results
  • Removing of the “options” field for the external transformation.

We are removing the ability for users to set “options” field for the
external transformation. This must now be hard coded in the plugin file directly (where the program is configured). This feature allows users to pipe output directly to an executable file, however the options field presented a security risk and we have decided to move the options to be hard coded in the transformation plugin file. For further assistance, please reach out to our support team through email or Github pull request.

Version 5.0.3 also contains many bug fixes:

  • Fix for copying a user account
  • Removed SET AUTOCOMMIT=0 from SQL export
  • Fix for the display of table borders
  • Fix for ENUM radio button user interface problems
  • Improved the prompt for abandoning changes when no changes were made
    in the SQL window
  • Fix for inserting a primary key with “insert as new row”
  • Fix incorrect suggested latest available version to version 5

There are many other bugs fixes, please see the ChangeLog file included
with this release for full details.

Known shortcomings:

Due to changes in the MySQL authentication method, PHP versions prior to
7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests
show the problem actually began with MySQL 8.0.11). This relates to a
PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround,
that is to set your user account to use the current-style password hash
method, mysql_native_password. This unfortunate lack of coordination has
caused the incompatibility to affect all PHP applications, not just
phpMyAdmin. For more details, you can see our bug tracker item at
https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest
upgrading your PHP installation to take advantage of the authentication
methods.

As a reminder, phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5.0.

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

phpMyAdmin news