Phpmyadmin

The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 5.2.1. This is a bugfix release that also contains a security fix for an XSS vulnerability in the drag-and-drop upload functionality (PMASA-2023-01). We are also releasing version 4.9.11 which exclusively fixes the XSS vulnerability.

This release of 5.2.1 contains many bug fixes.

Some highlights include:
– issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
– issue #17519 Fix Export pages not working in certain conditions
– issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing
– issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page
– issue #17248 Support the UUID data type for MariaDB >= 10.7
– issue #16042 Fixes malformed downloads when using gzip compression type and FireFox browser
– Add spellcheck="false" to all password fields and some text fields to avoid spell-jacking data leaks
– Fixes for JavaScript errors when using Designer
– Fixes for PHP 8.2 compatibility

There are, of course, many more fixes and new features that you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

phpMyAdmin news

Welcome to the release of phpMyAdmin version 5.2.0. This release contains many new features and quite a few bug fixes. We are simultaneously releasing phpMyAdmin 5.1.4, which is the last release of the 5.1 line and is mostly intended to help downstream packaging teams. Most users should migrate to 5.2.0.

Most notably, these releases resolve a networking error when exporting a file (https://github.com/phpmyadmin/phpmyadmin/issues/17445).

Some other highlights of 5.2.0 include:

• Removed support for Microsoft Internet Explorer
• Requires PHP 7.2 or newer
• Requires the openssl PHP extension
• Improved handling of system CA bundle and cacert.pem, falling back to Mozilla CA if needed
• Replace “master/slave” terms with “primary/replica”
• Add “NOT LIKE %…%” operator to Table search
• Add support for the Mroonga engine
• Add support for account locking
• Several fixes and improvements to the SQL parser library

There are, of course, many more fixes and new features that you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

phpMyAdmin news

The phpMyAdmin team announces the release of versions 4.9.10 and 5.1.3.

These versions primarily address a regression that caused the navigation pane to not function correctly when multiple pages of tables were shown.

Version 5.1.3 includes a security hardening improvement. The issue, reported by Rafael Pedrero, could allow users to cause an error that would reveal the path on disk where phpMyAdmin is running from.
We believe this requires the server to be running with display_errors on, which is not the recommended setting for a production environment.

Version 5.1.3 includes a few other minor bug fixes and is recommended for all users.

Note that version 4.9 is in extended security support only. Version 5.2.0 is in final testing and is expected to replace the 5.1 branch in the coming week or weeks, with no changes to required versions of PHP or database server.

For the phpMyAdmin team,
Isaac

phpMyAdmin news

Welcome to the release of phpMyAdmin version 4.9.9. This is a release to fix two issues with the 4.9.8 release. We apologize for the inconvenience.

Fixed since phpMyAdmin 4.9.8:

• Fix a syntax error preventing use with PHP 5
• An error was shown regarding the new “hide_configuration_errors” directive when a controluser is set

Fixed in phpMyAdmin 4.9.8:

• Fix for a user potentially being able to disable their two factor authentication (PMASA-2022-1)
• Add a new configuration directive $ cfg[‘URLQueryEncryption’] to allow encrypting sensitive information in the URL to prevent disclosure. Thanks to Rich Grimes https://twitter.com/saltycoder for suggesting this improvement
• Add a new configuration directive $ cfg[‘Servers’][$ i][‘hide_connection_errors’] to allow hiding the full error message when a log on attempt fails, which can leak hostnames or IP addresses of the target database server. Thanks to Dr. Shuzhe Yang, Manager Security Governance at GLS IT Services for suggesting this improvement

Note that the 5.1.2 has two known issues, the hide_connection_errors and an issue with the navigation pane. We are preparing fixes for those and will release version 5.1.3 separately.

This is a reminder that phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5.1.

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

phpMyAdmin news

We at the phpMyAdmin project are pleased to release phpMyAdmin 5.1.1, a bugfix release.

There are many new bug fixes; a few highlights include:

• Fixes for several PHP errors
• Fixes for “$ cfg[‘DefaultTabDatabase’]” and other related configuration directives not working properly
• Fix Yaml export to quote strings even when they are numeric
• Fix TCPDF open_basedir issue due to internal guessing code from TCPDF
• Fix for quick search not working when using more than one configured server
• Fix datetime decimals displayed (.00000) after edit
• Fix new lines in text fields are doubled
• Fixed URL generation by removing un-needed & escaping for & char
• Improvements for working with PHP 8.1
• Improved handling of adding a new user with the Percona database server

There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

Isaac and the phpMyAdmin team

phpMyAdmin news