Menu

phpMyAdmin 4.9.8, 5.1.2, and 5.2.0-rc1 are released

The phpMyAdmin project announces several new releases:

  • 4.9.8, which fixes some security flaws
  • 5.1.2, which fixes some security flaws and contains many bug fixes including better PHP 8.0 and 8.1 compatibility
  • 5.2.0-rc1, a testing version introducing many new features

Security fixes (affected versions as noted)

A flaw was identified in how phpMyAdmin processes two factor authentication; a
user could potentially manipulate their account to bypass two factor
authentication in subsequent authentication sessions (PMASA-2022-1)
(affects both 4.9 and 5.1).

A series of weaknesses was identified allowing a malicious user to submit
malicious information to present an XSS or HTML injection attack in the
graphical setup page (PMASA-2022-2) (affects 5.1 only; not 4.9).

In some scenarios, potentially sensitive information such as a the database
name can be part of the URL. This can now be optionally encrypted. There are
two new configuration directives relating to this improvement:
$cfg['URLQueryEncryption'] and $cfg['URLQueryEncryptionSecretKey']. This
encryption can be enabled by setting URLQueryEncryption to true in your
config.inc.php. Thanks to Rich Grimes https://twitter.com/saltycoder for
suggesting this improvement (affects both 4.9 and 5.1).

During a failed log on attempt, the error message reveals the target database
server's hostname or IP address. This can reveal some information about the
network infrastructure to an attacker. This information can now be suppressed
through the $cfg['Servers'][$i]['hide_connection_errors'] directive. Thanks
to Dr. Shuzhe Yang, Manager Security Governance at GLS IT Services for
suggesting this improvement (affects both 4.9 and 5.1).

Bug fixes (5.1.2 and 5.2.0-rc1)

  • Revert a changed to $cfg['CharTextareaRows'] allow values less than 7
  • Fix encoding of enum and set values on edit value
  • Fixed possible "Undefined index: clause_is_unique" error
  • Fixed some situations where a user is logged out when working with more than one server
  • Fixed a problem with assigning privileges to a user using the multiselect list when the database name has an underscore
  • Enable cookie parameter "SameSite" when the PHP version is 7.3 or newer
  • Correctly handle the removal of "innodb_file_format" in MariaDB and MySQL

New features (5.2.0-rc1)

  • Removed support for Microsoft Internet Explorer
  • Requires PHP 7.2 or newer
  • Requires the openssl PHP extension
  • Improved handling of system CA bundle and cacert.pem, falling back to Mozilla CA if needed
  • Replace "master/slave" terms with "primary/replica"
  • Add "NOT LIKE %...%" operator to Table search
  • Add support for the Mroonga engine
  • Add support for account locking
  • Several fixes and improvements to the SQL parser library

There are, of course, many more fixes and new features that you can see in the
ChangeLog file included with this release or online at
https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

Isaac and the phpMyAdmin team

link

Posted by SourceForge Robot 2022-01-22
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.