Bored of official project news? Then check out developers blogs at planet phpMyAdmin.

You can also follow us on Facebook or Twitter. The news are also available in a RSS feed.

phpMyAdmin 4.7.0-beta1 is released

2017-01-26

Welcome to phpMyAdmin 4.7.0-beta1, the first public beta release of the upcoming version 4.7.0.

This version is available for public testing before the actual release of 4.7.0. You can see existing issues or log new ones at https://github.com/phpmyadmin/phpmyadmin/issues.

A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.

A few highlights:

  • Log failed authentication attempts to syslog (useful for parsing by fail2ban, for example)
  • Add filtering for the database list
  • Add table filtering to the database 'Structure' tab
  • Add support for exporting user settings as a config.inc.php snippet
  • Add option to delete settings from browser storage
  • Changes to the JSON import and export format to better follow the JSON specification, however this breaks compatibilty with older versions. See https://docs.phpmyadmin.net/en/latest/import_export.html#json
  • Support for IPv6 proxies
  • Allow more connection parameters for the controluser connection
  • Rename 'Relations' to 'Relationships' in many places as it's a more correct term
  • More documentation for export configuration options
  • Remove support for Swekey authentication
  • Remove support for old, unsupported versions of Microsoft Internet Explorer
  • Removed $cfg['ThemePath']

Starting with this version, phpMyAdmin uses Composer to manage PHP library dependencies while under development. Users downloading the official source distribution will not notice a difference, however users of the git repository should refer to https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git for details.

Also beginning with this version, we've made some changes to the files available for download. There are now three different packages available: all-langauges and english are the same downloads we've offered for some time, the former featuring all languages for which we have a reasonable amount of translations and the latter being a smaller English-only download. We have added a source download, which includes the unit test suite, Gettext po files, documentation source, and JavaScript source files; these are omited from the other packages as most users have no need for them. We have also reduced the number of compression formats available due to low utilization; for each package we have .tar.gz, .tar.xz, and .zip formats available.

There are many more improvements; please refer to the ChangeLog for full details.

As always, downloads are available at https://www.phpmyadmin.net

Thanks to our sponsors for helping to make this work possible!

The phpMyAdmin Team

Seeking phpMyAdmin Developer (one year contract position)

2017-01-25

phpMyAdmin Developer (one year contract position)

Overview

The phpMyAdmin Project is looking for a full-time or part-time developer to assist in development, including bug fixing and refactoring.

Work plan

The ideal candidate will dynamically balance their workload based on outstanding issues and priority, but is anticipated to break down to these percentages (in priority order of what's most important to least important):

  • Security maintenance (5%)

  • Bug fixing and issue assessment (45%)

  • Code base improvement like refactoring and writing unit tests (45%)

  • Implementation of new features (5%)

Work conditions

  • The Developer shall publish a weekly blog post about his/her work to the phpMyAdmin community.

  • The Developer shall send a monthly invoice to the Software Freedom Conservancy for the work done during that month.

  • All work produced by the Developer is to be licensed under "GPLv2 or later".

  • This is an independent contractor position: the Developer will be responsible for his/her own equipment and expenses.

The Candidate

The candidate will be able to demonstrate a very good knowledge of phpMyAdmin's code base. In addition, we expect excellent skills in all of the technologies used by phpMyAdmin (PHP, HTML, JavaScript, jQuery, CSS, MySQL) and excellent communication skills.

Applying

Candidates should submit their proposal (including their CV, availability, and financial terms) to: pmadeveloper@sfconservancy.org. The deadline for this initial round of proposals is 2017-02-10.

phpMyAdmin 4.6.6, 4.4.15.10, and 4.0.10.19 are released

2017-01-23

The phpMyAdmin project is pleased to announce the release of phpMyAdmin versions 4.6.6 (including bug and security fixes), 4.4.15.10 (security fixes), and 4.0.10.19 (security fixes). We recommend all users update their phpMyAdmin installations.

There have been changes in the behavior since previous version:

  • Changed the suggested text in the query window for delete queries to avoid accidental data loss
  • Re-introduce a page which shows the output of phpinfo()

Aside from the changes and security improvements, many bugs have been fixed including:

  • Parsing of SQL queries with the BINARY function
  • Syntax error when adding or changing TIMESTAMP columns with default value as NULL
  • Broken "Edit" and "Export" links in the Routines tab
  • Creating a new user on older MariaDB servers
  • Format button in the SQL tab broken
  • Fixes for PHP 7.1
  • Problems with MySQL servers running with lower_case_names=2
  • Fixes for several PHP notices/warnings being shown

Please note that, as previously announced, the 4.4 branch is no longer supported. This security release is planned as the final 4.4 release. See the 4.4.15.10 release notes for more information.

As always, downloads and release notes are available at https://www.phpmyadmin.net/downloads

For more information, please see

The phpMyAdmin team

phpMyAdmin 4.6.5.2 is released

2016-12-05

Welcome to phpMyAdmin version 4.6.5.2, a patch-level release which fixes an issue with exporting certain character sequences including a backslash (\), such as \r\n.

Because this issue #12765 affects export functionality, we do recommend updating when possible.

As always, downloads are available at https://www.phpmyadmin.net/downloads/

Previously fixed in 4.6.5.1:

  • an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db'].
  • an issue affecting the create table dialog where the partition selection tool was overzealous and made it difficult to create a new table.

Highlights from the 4.6.5 release:

  • Fix for expanding in navigation pane
  • Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies)
  • Fix editing of ENUM/SET/DECIMAL field structures
  • Improvements to the parser

A full list of changes is available in the ChangeLog file included with every release.

The phpMyAdmin team

phpMyAdmin 4.6.5.1 is released

2016-11-26

We at the phpMyAdmin project are releasing version 4.6.5.1 as a quick fix to two issues caused by yesterday's 4.6.5 release:

There are also minor improvements to the Czech language file and an improved error message when the mbstring extension is missing. Users of 4.6.5 who are not affected by these bugs need not upgrade to 4.6.5.1. Downloads are available from https://www.phpmyadmin.net/downloads The phpMyAdmin team

phpMyAdmin 4.0.10.18, 4.4.15.9, and 4.6.5 are released

2016-11-25

The phpMyAdmin project is pleased to announce the release of phpMyAdmin versions 4.6.5 (including bug and security fixes), 4.4.15.9 (security fixes), and 4.0.10.18 (security fixes). We recommend all users update their phpMyAdmin installations.

Aside from the security improvements, many bugs have been fixed in version 4.6.5 including:

  • Fix for expanding in navigation pane
  • Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies)
  • Fix editing of ENUM/SET/DECIMAL field structures
  • Improvements to the parser

Please note that this is expected to be the final release of the 4.4 branch, which ended security support on October 1, 2016.

We are particularly grateful for the work of researcher Emanuel Bronshtein who helped identify many of these flaws.

  • -The phpMyAdmin team

phpMyAdmin developer hired

2016-09-02

The phpMyAdmin project is excited to announce the hiring of a part-time contract developer. Thanks to our generous sponsors, we are very fortunate to retain the services of Deven Bansod, who will spend time on security fixes, improving the parser, and other bug fixes and feature improvements. We welcome Deven to this role and thank our sponsors who make this work possible.

phpMyAdmin 4.0.10.17, 4.4.15.8, and 4.6.4 are released

2016-08-16

The phpMyAdmin team announces the release of versions 4.0.10.17 (security fixes), 4.4.15.8 (security fixes), and 4.6.4 (security and bug fixes).

These release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are unable to upgrade, refer to the ChangeLog file included with this release and the security announcements at https://www.phpmyadmin.net/security/.

Aside from the security fixes, bugs have been fixed in version 4.6.4 affecting:

  • Create view when no view name specified
  • Changing a password
  • Fix deleting of users with non-English locales
  • Fixed password change on MariaDB without auth plugin
  • and more

the phpMyAdmin team

phpMyAdmin 4.0.10.16, 4.4.15.7, and 4.6.3 are released

2016-06-23

The phpMyAdmin project announces the release of phpMyAdmin versions 4.0.10.16, 4.4.15.7, and 4.6.3. All versions feature many security fixes that are announced as PMASA-2016-17 through PMASA-2016-28 which are posted at https://www.phpmyadmin.net/security/.

Furthermore, version 4.6.3 includes the regularly scheduled maintenance improvements and bug fixes. In addition to bugs affecting particular version combinations, some of the other bugs fixed include:

  • Fixing cookie path on Windows
  • Fix MySQL SSL connections with some PHP versions
  • Fix listing of routines for non-privileged user

As well as several more. Complete details are available in the ChangeLog.

We highly recommend updating all affected versions immediately. Downloads are available at https://www.phpmyadmin.net/downloads.

We thank the many security researchers who found and reported these flaws.

The phpMyAdmin team

phpMyAdmin Project Successfully Completes Security Audit

2016-06-13

Code is Robust with No Serious Vulnerabilities Found

Software Freedom Conservancy congratulates its phpMyAdmin project on succesfuly completing completing a thorough security audit, as part of Mozilla's Secure Open Source Fund. No serious issues were found in the phyMyAdmin codebase.

Mozilla launched the SOS Fund as part of its Open Source Support Program. The SOS Fund focuses on auditing, remediation, and verification for key open source software projects. Conservancy's phpMyAdmin project was one of the first projects selected for the program. The security audit was performed by NCC Group. The phpMyAdmin team participated actively in the audit, making its key members available to the NCC Group team. As the audit states, the project has been one of the defacto tools for managing and maintaining MySQL databases for years. Its wide adoption matched with its potential for misuse, warrants regular review from a security perspective.

While no serious issues were found, the audit team found 3 medium risk and 5 low risk vulnerabilities, plus one informational issue. Most of these issues are already fixed in 4.6.2 release, and the more severe issues were covered by PMASA-2016-14, PMASA-2016-15 and PMASA-2016-16. The fixes were backported to older releases as well.

We at the phpMyAdmin project are excited to have been one of the early programs selected by the Mozilla SOS Fund, said project team member Isaac Bennetch, We appreciate Mozilla's dedication to ensuring making software more secure and are pleased that no serious flaws were found during the phpMyAdmin audit.

Conservancy and the phpMyAdmin project are proud of the results and thank Mozilla for funding and initiating the audit, well positioning phpMyAdmin to continue its critical role in free software with confidence. The full audit report is available here.