Security fix: phpMyAdmin 4.8.4 is released

Posted by: Admin  :  Category: Phpmyadmin

Linux Cpanel shared hosting: 600 GB disk space, 6 TB bandwidth, free domain, unlimited databases and ftp accounts, web hosting cheap and pro at Hostony

The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes.

The security fixes involve:

  • Local file inclusion (https://www.phpmyadmin.net/security/PMASA-2018-6/),
  • XSRF/CSRF vulnerabilities allowing a specially-crafted URL to perform harmful operations (https://www.phpmyadmin.net/security/PMASA-2018-7/), and
  • an XSS vulnerability in the navigation tree (https://www.phpmyadmin.net/security/PMASA-2018-8/)

In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

  • Issue with changing theme
  • Ensure that database names with a dot (‘.’) are handled properly when DisableIS is true
  • Fix for message “Error while copying database (pma__column_info)”
  • Move operation causes “SELECT * FROM `undefined`” error
  • When logging with $ cfg[‘AuthLog’] to syslog, successful login messages were not logged when $ cfg[‘AuthLogSuccess’] was true
  • Multiple errors and regressions with Designer

And several more. Complete notes are in the ChangeLog file included with this release.

Linux Cpanel shared hosting: 600 GB disk space, 6 TB bandwidth, free domain, unlimited databases and ftp accounts, web hosting cheap and pro at Hostony

Note that for this release, we experimented with a pre-release announcement so that hosting providers and package managers would have an opportunity to prepare for the security release. If this was helpful to you or if you have feedback about this technique, please let us know through the public list developers@phpmyadmin.net or privately at security@phpmyadmin.net. We may or may not decide use this behavior in the future and your feedback will help us decide whether it’s beneficial to the community.

As always, downloads are available at https://www.phpmyadmin.net/downloads/

phpMyAdmin news

Linux Cpanel shared hosting: 600 GB disk space, 6 TB bandwidth, free domain, unlimited databases and ftp accounts, web hosting cheap and pro at Hostony

PHP 7.1.25 Released

Posted by: Admin  :  Category: Php

PHP.net news & announcements

PHP 7.0.33 Released

Posted by: Admin  :  Category: Php

PHP.net news & announcements

PHP 7.3.0RC6 Released

Posted by: Admin  :  Category: Php

PHP.net news & announcements

PHP 7.0.10 Released

Posted by: Admin  :  Category: Php

PHP.net news & announcements

PHP 7.3.0RC5 Released

Posted by: Admin  :  Category: Php

PHP.net news & announcements