Phpmyadmin

phpMyAdmin 5.2.0 is released

May 12, 2022 by Admin Leave a Comment

Welcome to the release of phpMyAdmin version 5.2.0. This release contains many new features and quite a few bug fixes. We are simultaneously releasing phpMyAdmin 5.1.4, which is the last release of the 5.1 line and is mostly intended to help downstream packaging teams. Most users should migrate to 5.2.0.

Most notably, these releases resolve a networking error when exporting a file (https://github.com/phpmyadmin/phpmyadmin/issues/17445).

Some other highlights of 5.2.0 include:

Removed support for Microsoft Internet Explorer
Requires PHP 7.2 or newer
Requires the openssl PHP extension
Improved handling of system CA bundle and cacert.pem, falling back to Mozilla CA if needed
Replace “master/slave” terms with “primary/replica”
Add “NOT LIKE %…%” operator to Table search
Add support for the Mroonga engine
Add support for account locking
Several fixes and improvements to the SQL parser library

There are, of course, many more fixes and new features that you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

phpMyAdmin news

phpMyAdmin 4.9.10 and 5.1.3 are released

February 13, 2022 by Admin Leave a Comment

The phpMyAdmin team announces the release of versions 4.9.10 and 5.1.3.

These versions primarily address a regression that caused the navigation pane to not function correctly when multiple pages of tables were shown.

Version 5.1.3 includes a security hardening improvement. The issue, reported by Rafael Pedrero, could allow users to cause an error that would reveal the path on disk where phpMyAdmin is running from.
We believe this requires the server to be running with display_errors on, which is not the recommended setting for a production environment.

Version 5.1.3 includes a few other minor bug fixes and is recommended for all users.

Note that version 4.9 is in extended security support only. Version 5.2.0 is in final testing and is expected to replace the 5.1 branch in the coming week or weeks, with no changes to required versions of PHP or database server.

For the phpMyAdmin team,
Isaac

phpMyAdmin news

phpMyAdmin 4.9.8, 5.1.2, and 5.2.0-rc1 are released

January 28, 2022 by Admin Leave a Comment

The phpMyAdmin project announces several new releases:

4.9.8, which fixes some security flaws
5.1.2, which fixes some security flaws and contains many bug fixes including better PHP 8.0 and 8.1 compatibility
5.2.0-rc1, a testing version introducing many new features

Security fixes (affected versions as noted)

A flaw was identified in how phpMyAdmin processes two factor authentication; a user could potentially manipulate their account to bypass two factor authentication in subsequent authentication sessions (PMASA-2022-1) (affects both 4.9 and 5.1).

A series of weaknesses was identified allowing a malicious user to submit malicious information to present an XSS or HTML injection attack in the graphical setup page (PMASA-2022-2) (affects 5.1 only; not 4.9).

In some scenarios, potentially sensitive information such as a the database name can be part of the URL. This can now be optionally encrypted. There are two new configuration directives relating to this improvement: $ cfg['URLQueryEncryption'] and $ cfg['URLQueryEncryptionSecretKey']. This encryption can be enabled by setting URLQueryEncryption to true in your config.inc.php. Thanks to Rich Grimes https://twitter.com/saltycoder for suggesting this improvement (affects both 4.9 and 5.1).

During a failed log on attempt, the error message reveals the target database server’s hostname or IP address. This can reveal some information about the network infrastructure to an attacker. This information can now be suppressed through the $ cfg['Servers'][$ i]['hide_connection_errors'] directive. Thanks to Dr. Shuzhe Yang, Manager Security Governance at GLS IT Services for suggesting this improvement (affects both 4.9 and 5.1).

Bug fixes (5.1.2 and 5.2.0-rc1)

Revert a changed to $ cfg[‘CharTextareaRows’] allow values less than 7
Fix encoding of enum and set values on edit value
Fixed possible “Undefined index: clause_is_unique” error
Fixed some situations where a user is logged out when working with more than one server
Fixed a problem with assigning privileges to a user using the multiselect list when the database name has an underscore
Enable cookie parameter “SameSite” when the PHP version is 7.3 or newer
Correctly handle the removal of “innodb_file_format” in MariaDB and MySQL

New features (5.2.0-rc1)

Removed support for Microsoft Internet Explorer
Requires PHP 7.2 or newer
Requires the openssl PHP extension
Improved handling of system CA bundle and cacert.pem, falling back to Mozilla CA if needed
Replace “master/slave” terms with “primary/replica”
Add “NOT LIKE %…%” operator to Table search
Add support for the Mroonga engine
Add support for account locking
Several fixes and improvements to the SQL parser library

Downloads are available now at https://phpmyadmin.net/downloads/

Isaac and the phpMyAdmin team

phpMyAdmin news

phpMyAdmin 4.9.9 is released

January 24, 2022 by Admin Leave a Comment

Welcome to the release of phpMyAdmin version 4.9.9. This is a release to fix two issues with the 4.9.8 release. We apologize for the inconvenience.

Fixed since phpMyAdmin 4.9.8:

Fix a syntax error preventing use with PHP 5
An error was shown regarding the new “hide_configuration_errors” directive when a controluser is set

Fixed in phpMyAdmin 4.9.8:

Fix for a user potentially being able to disable their two factor authentication (PMASA-2022-1)
Add a new configuration directive $ cfg[‘URLQueryEncryption’] to allow encrypting sensitive information in the URL to prevent disclosure. Thanks to Rich Grimes https://twitter.com/saltycoder for suggesting this improvement
Add a new configuration directive $ cfg[‘Servers’][$ i][‘hide_connection_errors’] to allow hiding the full error message when a log on attempt fails, which can leak hostnames or IP addresses of the target database server. Thanks to Dr. Shuzhe Yang, Manager Security Governance at GLS IT Services for suggesting this improvement

Note that the 5.1.2 has two known issues, the hide_connection_errors and an issue with the navigation pane. We are preparing fixes for those and will release version 5.1.3 separately.

This is a reminder that phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5.1.

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

phpMyAdmin news

phpMyAdmin 5.1.1 is released

June 6, 2021 by Admin Leave a Comment

We at the phpMyAdmin project are pleased to release phpMyAdmin 5.1.1, a bugfix release.

There are many new bug fixes; a few highlights include:

Fixes for several PHP errors
Fixes for “$ cfg[‘DefaultTabDatabase’]” and other related configuration directives not working properly
Fix Yaml export to quote strings even when they are numeric
Fix TCPDF open_basedir issue due to internal guessing code from TCPDF
Fix for quick search not working when using more than one configured server
Fix datetime decimals displayed (.00000) after edit
Fix new lines in text fields are doubled
Fixed URL generation by removing un-needed & escaping for & char
Improvements for working with PHP 8.1
Improved handling of adding a new user with the Percona database server

There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

Isaac and the phpMyAdmin team

phpMyAdmin news

phpMyAdmin 5.1.0 is released

February 26, 2021 by Admin Leave a Comment

We at the phpMyAdmin project are pleased to publish phpMyAdmin 5.1.0.

There are many new features and bug fixes; a few highlights include:

Improve virtuality dropdown for MariaDB > 10.1
Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when editing a table structure
Added ip2long transformation
Improvements to linking to MySQL and MariaDB documentation
Add “Preview SQL” option on Index dialog box when creating a new table
Add a new vendor constant “CACHE_DIR” that defaults to “libraries/cache/” and store routing cache into this folder
Add $ cfg[‘CaptchaSiteVerifyURL’] for Google ReCaptcha siteVerifyUrl
Add the password_hash PHP function as an option when inserting data
Improvements to editing and displaying columns of the JSON data type.
Added support for “SameSite=Strict” on cookies using configuration “$ cfg[‘CookieSameSite’]”
Fixed AWS RDS IAM authentication doesn’t work because pma_password is truncated
Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
Add $ cfg[‘MysqlSslWarningSafeHosts’] to set the red text black when ssl is not used on a private network
Export blobs as hex on JSON export
Fix leading space not shown in a CHAR column when browsing a table
Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
Fixed missing option to enter TABLE specific permissions when the database name contains an “_” (underscore)
Fixed a PHP notice “Trying to access array offset on value of type null” on Designer PDF export
Fix for several PHP 8 warnings or errors, giving this release full compatibility with PHP 8

There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

Isaac and the phpMyAdmin team

phpMyAdmin news