The phpMyAdmin team is pleased to announce the release of phpMyAdmin version
5.2.1. This is a bugfix release that also contains a security fix for an XSS
vulnerability in the drag-and-drop upload functionality (PMASA-2023-01). We
are also releasing version 4.9.11 which exclusively fixes the XSS
vulnerability.
This release of 5.2.1 contains many bug fixes.
Some highlights include: - issue #17506 Fix error when configuring 2FA
without XMLWriter or Imagick - issue #17519 Fix Export pages not working in
certain conditions - issue #17121 Fix password_hash function incorrectly
adding single quotes to password before hashing - issue #17736 Add utf8mb3
as an alias of utf8 on the charset description page - issue #17248 Support
the UUID data type for MariaDB >= 10.7 - issue #16042 Fixes malformed
downloads when using gzip compression type and FireFox browser - Add
spellcheck="false"
to all password fields and some text fields to avoid
spell-jacking data leaks - Fixes for JavaScript errors when using Designer -
Fixes for PHP 8.2 compatibility... read more
Welcome to the release of phpMyAdmin version 5.2.0. This release contains many
new features and quite a few bug fixes. We are simultaneously releasing
phpMyAdmin 5.1.4, which is the last release of the 5.1 line and is mostly
intended to help downstream packaging teams. Most users should migrate to
5.2.0.
Most notably, these releases resolve a networking error when exporting a file
(https://github.com/phpmyadmin/phpmyadmin/issues/17445).... read more
The phpMyAdmin team announces the release of versions 4.9.10 and 5.1.3.
These versions primarily address a regression that caused the navigation pane
to not function correctly when multiple pages of tables were shown.
Version 5.1.3 includes a security hardening improvement. The issue, reported
by Rafael Pedrero, could allow users to cause an error that would reveal the
path on disk where phpMyAdmin is running from. We believe this requires the
server to be running with display_errors on, which is not the recommended
setting for a production environment.... read more
Welcome to the release of phpMyAdmin version 4.9.9. This is a release to fix
two issues with the 4.9.8 release. We apologize for the inconvenience.
Fixed since phpMyAdmin 4.9.8:
Fixed in phpMyAdmin 4.9.8:
The phpMyAdmin project announces several new releases:
A flaw was identified in how phpMyAdmin processes two factor authentication; a
user could potentially manipulate their account to bypass two factor
authentication in subsequent authentication sessions (PMASA-2022-1)
(affects both 4.9 and 5.1).... read more
The infrastructure team would like to acknowledge the work of security
researcher Joël Aviad Ossi from pentest in helping us
improve some security weaknesses in our infrastructure. No user data was at
risk nor were our downloads vulnerable at any time; this is simply a note of
appreciation rather than a disclosure.
Thanks Joël for your assistance. Anyone with security concerns about the
project is always welcome to contact the team directly through the email link
at https://www.phpmyadmin.net/security/.... read more
We at the phpMyAdmin project are pleased to release phpMyAdmin 5.1.1, a bugfix
release.
There are many new bug fixes; a few highlights include:
&
escaping for & charWe at the phpMyAdmin project are pleased to publish phpMyAdmin 5.1.0.
There are many new features and bug fixes; a few highlights include:
Welcome to the release of phpMyAdmin version 4.9.7 and 5.0.4. These are bug
fix releases to address packaging problems with 4.9.6 and 5.0.3. Version 5.0.3
includes a few other minor bugs as well.
Fixed in both:
Additional fixes in 5.0.3:
Hello,
The phpMyAdmin team announces the release of both phpMyAdmin versions 4.9.6
and 5.0.3.
Both versions contain several important security fixes:
In addition, 5.0.3 contains many bugfixes. Some of the highlights include:
Hello,
The phpMyAdmin team announces the release of both 4.9.5 and 5.0.2.
Both versions contain several security fixes:
The phpMyAdmin team announces the release of versions 4.9.4 and 5.0.1.
As a reminder, version 4.x is in the LTS phase, where only security fixes and
critical bug fixes are made. Users are suggested to migrate to version 5.
These releases address two issues, a problem with two-factor authentication
that was introduced with the last releases, and a fix for an SQL injection
vulnerability that was reported by CSW Research Labs
https://twitter.com/cswcyberworks. This vulnerability is assigned
PMASA-2020-1 and requires that the attacker have logged in through a valid
MySQL account.... read more
Welcome to the release of phpMyAdmin version 5.0.0. This release is occurring
simultaneously with version 4.9.3; except for users with old PHP
installations, version 5.0.0 is the recommended version.
This release includes many new features and improvements from the 4.9 series.
We expect to maintain version 4 in a security capacity to support users with
older PHP installations. For full details about supported versions and end of
life dates, see the "Supported versions" grid at
https://www.phpmyadmin.net/downloads/.... read more
Welcome to phpMyAdmin 4.9.3, a routine bugfix release. This release is
occurring simultaneously with the release of phpMyAdmin 5.0.0, which is our
recommended version except for users with older PHP installations.
This is planned as the final bugfix release of phpMyAdmin version 4. Version 4
works with PHP versions 5.5 through (at least) 7.4, and MySQL versions 5.5
and newer (and the corresponding MariaDB versions). Version 5 will require
PHP 7.1 or newer, but we plan to maintain security fixes for version 4 as part
of our LTS program. For end of life details and supported versions, please see
the "Supported versions" grid at https://www.phpmyadmin.net/downloads/.... read more
Welcome to the first release candidate of phpMyAdmin 5.0.0. This release features a great number of new features and bug fixes.
This is expected to be the final release candidate before 5.0.0 is finalized. Please visit https://github.com/phpmyadmin/phpmyadmin/milestones to stay updated on the expected release date and known bugs.
Since 5.0.0-alpha1, there have been several bugfixes, none of which are particularly notable. For a complete comparison, you could visit https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_5_0_0ALPHA1..RELEASE_5_0_0RC1.... read more
Welcome to phpMyAdmin 4.9.2, a bugfix release that also contains a security fix.
This security fix is part of an ongoing effort to improve the security of the Designer feature and is designated PMASA-2019-5. There is also an improvement for how we sanitize Git version information shown on the home page, thanks to Ali Hubail.
This release includes fixes for many bugs, including:
Welcome to phpMyAdmin 4.9.1, a bugfix release.
This is a regularly-schedule bugfix release that also includes some security hardening measures.
We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for this has been in our release queue to be part of this release, however it is the opinion of the team that the reported attack vector did not justify a separate release.... read more
Overall, it’s been a great experience and I loved how google promotes students
to actively participate in open source projects. Personally, I got to learn a
lot of things while working with PhpMyAdmin right from February this year. I
am thankful to the mentors Isaac Bennetch,
Saksham Gupta, William Desportes, Deven Bansod
and other community members for helping me through out the project.... read more
So finally it’s here, “The final week of GSoC 2019”. At this point, we
students need to submit code and evaluations and provide mentors all the
details so that they could evaluate us.
On the issue “Designer should show tables from other databases by
default”, this week I
reached at a state where I can successfully save the coordinates and all the
relevant details required to save a table in a page of the designer but the
point where I was stuck was that how to print all the tables(both from the
main database and the other database whose tables were added to the page). I
tried a lot of things and faced many weird issues too like once when I wanted
to print some variables on the page, I updated the main.twig file of the
designer but no idea why, the designer page stopped loading and after a lot of
efforts, I recovered this by deleting all the tables and pages data stored in
the pma__pdf_pages and pma__tables_coords table of the phpmyadmin’s
databases. During this issue, I tried a lthe time stayot of things and also
faced a lot of issues, specially when I tried to display the tables on the
page(when opened a page). I talked to my mentor Isaac regarding the same and
we decided to hold it for a while and complete the other things before time.
So I created a
PR(incomplete as of
now as the tables are being stored correctly but not retrieved correctly right
now).... read more
Here is the second last working week of GSoC 2019. During this week(actually
it’s more than a week, almost 10 days I guess), I looked into 2 issue which
are “Designer should show tables from other databases by
default” and
“Designer page save fails if dB name contains
period.”
While resolving the issue “Designer should show tables from other databases
by default”, I have
gone through the related discussion the code written by Raghuram Vadapalli in
this PR. Last week I
thought I have successfully reproduced the issue but while thinking of the
approach I got to know that I was wrong, actually I was not able to form
relations between between tables of the other databases. Thus I asked for the
steps to reproduce the same with the mentors and also posted the same on the
issue. I observed that even when there is no relation between tables of the
different databases, we couldn’t save the page successfully. For this, I first
looked at the code for displaying tables from other databases(by Raghuram
Vadapalli), also I discussed the same with Raghuram sir for a possible
solution but since he was not in touch with the organization for a while now
so he couldn’t help me here. Isaac sir suggested, “What the solution should do
is look in the phpMyAdmin configuration storage database (pmadb) and, if
there’s a reference to the current database and another database, it should
automatically show the other database”. With these initial suggestions and by
looking at the code Raghuram sir, I thought that as per the display code, we
can just add tables from 2 databases only but later on while adding the tables
from multiples database, it’s successfully adding the tables. The additional
layer(to save pages with tables from different database) should also work
with any number of databases. I started with this(actually in starting I
thought we can add tables just from 2 databases, which is wrong) and started
tracking the database variable.... read more
The main task of my project was to implement a more consistent UI for
phpMyAdmin. This was achieved by applying bootstrap4 classes to the code an
making corresponding changes in css files.
Weekly posts regarding my work are listed below:
-> https://pmagsocproject.wordpress.com/2019/06/26/gsoc-pmaweek1/
-> https://pmagsocproject.wordpress.com/2019/06/26/gsoc-pmaweek-2/
-> https://pmagsocproject.wordpress.com/2019/06/26/gsoc-pmaweek3/
-> https://pmagsocproject.wordpress.com/2019/06/26/gsoc-pma-week4/
-> https://pmagsocproject.wordpress.com/2019/07/11/gsoc-pma-week-5/
-> https://pmagsocproject.wordpress.com/2019/07/24/gsoc-pma-week6/
-> https://pmagsocproject.wordpress.com/2019/07/24/gsoc-pmaweek7/
-> https://pmagsocproject.wordpress.com/2019/08/04/gsoc-pmaweek8/
-> https://pmagsocproject.wordpress.com/2019/08/13/gsoc-pma-week-9/
One of the problem I was facing last week has finally been resolved. In one of
the issue, “Designer Save as
enhancement”, earlier
the changes were happening as expected but the problem was that it works only
when we have a alert message. It doesn’t work without alert message(in last
week, I wasn’t able to figure out why). Later on looking into the things, I
figured out that there was a problem of synchronization here. To resolve this,
I searched for a while and later on found .ajaxStop(). AjaxStop():
Register a handler to be called when all Ajax requests have completed.
“Whenever an Ajax request completes, jQuery checks whether there are any other
outstanding Ajax requests. If none remain, jQuery triggers the ajaxStop event.
Any and all handlers that have been registered with the .ajaxStop() method
are executed at this time. The ajaxStop event is also triggered if the last
outstanding Ajax request is cancelled by returning false within the beforeSend
callback function”(Source: https://api.jquery.com/ajaxStop/). Finally I
created a PR to resolve
the issue correctly.... read more
Converted the ul’s on the top of some pages to navs.
Also worked on the top bar of the pages.
Added more commits to the earlier opened PR’s of tables, forms.
With these, I have dealt with most of the elements. Now, will look at the
final improvements and required changes.
The PR related to the navs class is:
-> https://github.com/phpmyadmin/phpmyadmin/pull/15419
Last to last week we had our phase-2 evaluations and with the help of mentors,
I successfully passed in the evaluation. For this evaluation, I thank to my
mentors Isaac Bennetch, Deven Bansod, Saksham Gupta and William Desportes.
My mentors review was:
“ You’re continuing adequately with the project. You continue to produce code
that is consistent with my expectations. In the past week, your communication
has improved as we approached the deadline. Remember that regular blog posts
are how the community and the group of mentors follows your progress, so stay
on top of them, and even if a portion of code is undergoing review, further
decision, or hasn’t yet been merged there should be other areas to work on.
Keep pushing through and remember that the community has insight to help if
you get stuck or need guidance. William and Saksham are both great resources
aside from your mentor who are quite interested in the work you’re doing.”... read more
Table classes have been added to the remaining pages of pma.
Done with applying form related classes to elements of forms like ‘form-
control’ to ‘legends’ and ‘select’ , ‘form-check, form-check-input, form-
check-label’ to the ‘divs, checkboxes, associated labels’ respectively , etc.
The work can be seen in the following PR.
-> https://github.com/phpmyadmin/phpmyadmin/pull/15400