phpMyAdmin 4.9.9

Released 2022-01-23.

Welcome to the release of phpMyAdmin version 4.9.9. This is a release to fix two issues with the 4.9.8 release.

Fixed since phpMyAdmin 4.9.8:

* Fix a syntax error preventing use with PHP 5
* An error was shown regarding the new "hide_configuration_errors" directive when a controluser is set

Fixed in phpMyAdmin 4.9.8:

* Fix for a user potentially being able to disable their two factor authentication (PMASA-2022-1)
* Add a new configuration directive $cfg['URLQueryEncryption'] to allow encrypting sensitive information in the URL to prevent disclosure. Thanks to Rich Grimes  for suggesting this improvement
* Add a new configuration directive $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding the full error message when a log on attempt fails, which can leak hostnames or IP addresses of the target database server. Thanks to Dr. Shuzhe Yang, Manager Security Governance at GLS IT Services for suggesting this improvement

This is a reminder that phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5.1.

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

Older version compatible with PHP 5.5 to 7.4 and MySQL/MariaDB 5.5 and newer. Currently supported for security fixes only.

Since July 2015 all phpMyAdmin releases are cryptographically signed by the releasing developer. You should verify that the signature matches the archive you have downloaded. Verification instructions are placed in our documentation in the Verifying phpMyAdmin releases chapter.