phpMyAdmin 5.0.2

Released 2020-03-21.

Welcome to the release of phpMyAdmin version 5.0.2. This is fixes an important security flaw as well as containing several other bug fixes.

First the security fixes:
* PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password
* PMASA-2020-3 SQL injection vulnerability relating to the search feature
* PMASA-2020-4 SQL injection and XSS having to do with displaying results
* Removing of the "options" field for the external transformation.

We are removing the ability for users to set "options" field for the external transformation. This must now be hard
coded in the plugin file directly (where the program is configured). This feature allows users to pipe output directly to an executable file,
however the options field presented a security risk and we have decided to move the options to be hard coded in the transformation plugin file.
For further assistance, please reach out to our support team through email or Github pull request.

Next a few of the key bugfixes included with this release:
* Fix for copying a user account
* Removed SET AUTOCOMMIT=0 from SQL export
* Fix for the display of table borders
* Fix for ENUM radio button user interface problems
* Improved the prompt for abandoning changes when no changes were made in the SQL window
* Fix for inserting a primary key with "insert as new row"
* Fix incorrect suggested latest available version to version 5

There are many other bugs fixes, please see the ChangeLog file included with this release for full details.

Known shortcomings:

Due to changes in the MySQL authentication method, PHP versions prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests show the problem actually began with MySQL 8.0.11). This relates to a PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround, that is to set your user account to use the current-style password hash method, mysql_native_password. This unfortunate lack of coordination has caused the incompatibility to affect all PHP applications, not just phpMyAdmin. For more details, you can see our bug tracker item at https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest upgrading your PHP installation to take advantage of the authentication methods.

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team,
Isaac

Current version compatible with PHP 7.1 and newer and MySQL 5.5 and newer.

File Size Verification
phpMyAdmin-5.0.2-all-languages.tar.gz 12.2 MB [PGP] [SHA256]
phpMyAdmin-5.0.2-all-languages.tar.xz 7.6 MB [PGP] [SHA256]
phpMyAdmin-5.0.2-english.tar.gz 7.6 MB [PGP] [SHA256]
phpMyAdmin-5.0.2-english.tar.xz 5.7 MB [PGP] [SHA256]
phpMyAdmin-5.0.2-english.zip 9.1 MB [PGP] [SHA256]
phpMyAdmin-5.0.2-source.tar.xz 14.2 MB [PGP] [SHA256]

Since July 2015 all phpMyAdmin releases are cryptographically signed by the releasing developer. You should verify that the signature matches the archive you have downloaded. Verification instructions are placed in our documentation in the Verifying phpMyAdmin releases chapter.