August 25, 2018
Posted by: Admin : Category:
Phpmyadmin
The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains a security fix for an issue that can be exploited when importing files.
A flaw was discovered with how warning messages are displayed while importing a file. This attack requires a specially-crafted file but can allow an attacker to trick the user in to executing a cross-site scripting (XSS) attack. We recommend updating immediately to mitigate this attack.
In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:
- An error where a database is named 0
- Fix for NULL as default not being shown
- Fix for recent tables list
- Fix for slow performance with table filtering
- Two-factor authentication (2FA) fails if the GD PHP library is missing
- Event scheduler toggle does not work
- ERR_BLOCKED_BY_XSS_AUDITOR error when exporting a table
- PHP 7.3 warning: “continue” in “switch” is equal to “break”
And several more. Complete notes are in the ChangeLog file included with this release.
As always, downloads are available at https://www.phpmyadmin.net/downloads/
phpMyAdmin news
June 22, 2018
Posted by: Admin : Category:
Phpmyadmin
The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains an important security update and it is highly recommended that all users upgrade immediately.
The urgent vulnerability allows an authenticated attacker to exploit a phpMyAdmin feature to show and potentially execute files on the server. PHP open_basedir restrictions mitigate the effect of this flaw. For further details, see the PMASA announcement.
A second flaw was also fixed allowing an attacker to use a specially crafted database name to trick a user in to executing a cross-site scripting (XSS) attack in the Designer feature.
In addition to the security fixes, this release also includes these bug fixes as part of our regular release cycle:
- WHERE 0 clause causes a fatal error
- Fix missing “INDEX” icon
Known issues:
- Unable to log in with MySQL 8.0.11 (bug #14220, see also https://bugs.php.net/bug.php?id=76243)
- A few users have reported being unable to log in with a persistent error message “Failed to set session cookie. Maybe you are using HTTP instead of HTTPS”. In some cases, clearing the phpMyAdmin cookies (‘pma*’) resolves the issue.
Downloads are available at https://www.phpmyadmin.net/downloads/
phpMyAdmin news
May 25, 2018
Posted by: Admin : Category:
Phpmyadmin
Welcome to phpMyAdmin 4.8.1, a bug fix release.
A complete list of changes and bugs fixed is available from the ChangeLog file or changelog.php included with this release.
A few highlights of bugs fixed include:
- Fix to the scrollbar functionality and Browse table CSS overflow
- Dropping indexes and keys fails
- Show two factor (2FA) secret code next to QR image
- Configuration for DefaultLang and Lang
- MariaDB 10.2 ‘current_timestamp()’
- Remember table sorting is broken
Known issues:
- Unable to log in with MySQL 8.0.11 (bug #14220, see also https://bugs.php.net/bug.php?id=76243)
- A few users have reported being unable to log in with a persistent error message “Failed to set session cookie. Maybe you are using HTTP instead of HTTPS”. In some cases, clearing the phpMyAdmin cookies (‘pma*’) resolves the issue.
As always, downloads are available from https://www.phpmyadmin.net
The phpMyAdmin team
phpMyAdmin news
April 19, 2018
Posted by: Admin : Category:
Phpmyadmin
Welcome to phpMyAdmin 4.8.0.1, which fixes a security flaw found in phpMyAdmin.
This version fixes a security flaw found in version 4.8.0 where an attacker can manipulate
a user in to following a specially-crafted link, allowing the attacker to execute arbitrary
SQL commands on the server. For more information, please see https://www.phpmyadmin.net/security/PMASA-2018-2/
We recommend that all users upgrade.
Downloads are available at https://www.phpmyadmin.net/downloads/
The phpMyAdmin Team
phpMyAdmin news
April 07, 2018
Posted by: Admin : Category:
Phpmyadmin
Welcome to phpMyAdmin version 4.8.0. We are excited to bring you this updated version with many new features and bug fixes. There are no changes to system requirements.
A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.
Major changes include security enhancements such as removing the PHP eval() function and authentication logging, a mobile interface to improve the interface when used with tablets or mobile phones, and two-factor authentication options.
A few highlights of the changes include:
- Allow the removal of individual segments from pie charts
- Improved database search to allow matching the exact phrase
- phpMyAdmin no longer requires using the PHP eval() function
- The mbstring dependency is now optional
- Authentication logging using $ cfg[‘AuthLog’] https://docs.phpmyadmin.net/en/latest/config.html#cfg_AuthLog
- Add support for Google’s Invisible Captcha
- Improved handling of reCAPTCHA
- Fixes to the JavaScript editor for TIME values
- Improved the editor for the JSON data type
- Add “Format” button to the edit view form
- Implement mobile interface
- There are now configuration directives to set defaults for Transformation options https://docs.phpmyadmin.net/en/latest/config.html#default-options-for-transformations
- Allow Designer to show tables from other databases
- Add support for authentication using U2F and 2FA
- Designer: fix broken “Add tables from other database”
- Fix double escaping of ENUM dropdown
- Restore SQL query after session expires
- Query builder: Fix for new column not being added
- Fix for blank login page
- Changes to the handling of arg_separator for AJAX requests; see issue #13940
- Structure tab: fix silent failure to create new indexes
- Fix improperly escaped HTML code on the database structure page
- Fix JavaScript errors when using Internet Explorer (in particular when editing rows)
- Fix for broken error report
- Fix failed import
- Fix for “Cannot read property sql_query of undefined” errors
Much of this work is thanks to the hard work of our Google Summer of Code 2017 students.
Additionally, there have been continuous improvements to many of the translations. If you don’t see your language or find a problem, you can contribute too; see https://www.phpmyadmin.net/translate/ for details.
As always, downloads are available at https://www.phpmyadmin.net
Thanks to our sponsors for helping to make this work possible!
The phpMyAdmin Team
phpMyAdmin news
March 30, 2018
Posted by: Admin : Category:
Phpmyadmin
Welcome to the release candidate version of the upcoming 4.8.0 release. This is likely to be the final testing release before 4.8.0 is officially released.
This is a pre-release version, so please check any bugs against the issue tracker and report new ones at https://github.com/phpmyadmin/phpmyadmin/issues/.
A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.
Notable changes since 4.8.0-alpha1:
- Designer: fix broken “Add tables from other database”
- Fix double escaping of ENUM dropdown
- Restore SQL query after session expires
- Query builder: Fix for new column not being added
- Fix for blank login page
- Changes to the handling of arg_separator for AJAX requests; see issue #13940
- Structure tab: fix silent failure to create new indexes
- Fix improperly escaped HTML code on the database structure page
- Fix JavaScript errors when using Internet Explorer (in particular when editing rows)
- Fix for broken error report
- Fix failed import
- Fix for “Cannot read property sql_query of undefined” errors
The remaining notes are for changes from the 4.7.x branch to 4.8.0 and also applied to 4.8.0-alpha1.
Major changes include security enhancements such as removing the PHP eval() function and authentication logging, a mobile interface to improve the interface when used with tablets or mobile phones, and two-factor authentication options.
A few highlights of the changes include:
- Allow the removal of individual segments from pie charts
- Improved database search to allow matching the exact phrase
- phpMyAdmin no longer requires using the PHP eval() function
- The mbstring dependency is now optional
- Authentication logging using $ cfg[‘AuthLog’] https://docs.phpmyadmin.net/en/latest/config.html#cfg_AuthLog
- Add support for Google’s Invisible Captcha
- Improved handling of reCAPTCHA
- Fixes to the JavaScript editor for TIME values
- Improved the editor for the JSON data type
- Add “Format” button to the edit view form
- Implement mobile interface
- There are now configuration directives to set defaults for Transformation options https://docs.phpmyadmin.net/en/latest/config.html#default-options-for-transformations
- Allow Designer to show tables from other databases
- Add support for authentication using U2F and 2FA
Much of this work is thanks to the hard work of our Google Summer of Code 2017 students. We’re participating again, see https://github.com/phpmyadmin/phpmyadmin/wiki/GSoC_home.
Additionally, there have been continuous improvements to many of the translations. If you don’t see your language or find a problem, you can contribute too; see https://www.phpmyadmin.net/translate/ for details.
As always, downloads are available at https://www.phpmyadmin.net
Thanks to our sponsors for helping to make this work possible!
The phpMyAdmin Team
phpMyAdmin news
