Hello,
The phpMyAdmin team announces the release of both 4.9.5 and 5.0.2.
Both versions contain several security fixes:
We are removing the ability for users to set "options" field for the external
transformation. This must now be hard coded in the plugin file directly
(where the program is configured). This feature allows users to pipe output
directly to an executable file, however the options field presented a security
risk and we have decided to move the options to be hard coded in the
transformation plugin file. For further assistance, please reach out to our
support team through email or Github pull request.
Version 5.0.3 also contains many bug fixes:
There are many other bugs fixes, please see the ChangeLog file included with
this release for full details.
Known shortcomings:
Due to changes in the MySQL authentication method, PHP versions prior to 7.4
are unable to authenticate to a MySQL 8.0 or newer server (our tests show the
problem actually began with MySQL 8.0.11). This relates to a PHP bug
https://bugs.php.net/bug.php?id=76243. There is a workaround, that is to set
your user account to use the current-style password hash method,
mysql_native_password. This unfortunate lack of coordination has caused the
incompatibility to affect all PHP applications, not just phpMyAdmin. For more
details, you can see our bug tracker item at
https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest upgrading
your PHP installation to take advantage of the authentication methods.
As a reminder, phpMyAdmin 4.9 is in the long-term support phase where it will
only get important security fixes and critical bug fixes. Users are suggested
to migrate to version 5.0.
Downloads are available now at https://phpmyadmin.net/downloads/
For the phpMyAdmin team, Isaac