Bored of official project news? Then check out developers blogs at planet phpMyAdmin.

You can also follow us on Facebook or Twitter. The news are also available in a RSS feed.

phpMyAdmin 5.1.0 is released

2021-02-24

We at the phpMyAdmin project are pleased to publish phpMyAdmin 5.1.0.

There are many new features and bug fixes; a few highlights include:

  • Improve virtuality dropdown for MariaDB > 10.1
  • Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when editing a table structure
  • Added ip2long transformation
  • Improvements to linking to MySQL and MariaDB documentation
  • Add "Preview SQL" option on Index dialog box when creating a new table
  • Add a new vendor constant "CACHE_DIR" that defaults to "libraries/cache/" and store routing cache into this folder
  • Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
  • Add the password_hash PHP function as an option when inserting data
  • Improvements to editing and displaying columns of the JSON data type.
  • Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']"
  • Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated
  • Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
  • Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network
  • Export blobs as hex on JSON export
  • Fix leading space not shown in a CHAR column when browsing a table
  • Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
  • Fixed missing option to enter TABLE specific permissions when the database name contains an "_" (underscore)
  • Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export
  • Fix for several PHP 8 warnings or errors, giving this release full compatibility with PHP 8

There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

Downloads are available now at https://phpmyadmin.net/downloads/

Isaac and the phpMyAdmin team

phpMyAdmin 4.9.7 and 5.0.4 are released

2020-10-15

Welcome to the release of phpMyAdmin version 4.9.7 and 5.0.4. These are bug fix releases to address packaging problems with 4.9.6 and 5.0.3. Version 5.0.3 includes a few other minor bugs as well.

Fixed in both:

  • Two factor authentication was broken
  • Incompatibilities with older PHP versions.

Additional fixes in 5.0.3:

  • Fix for cleared search values when a Zoom search fails
  • Fix a PHP error when reporting a certain JavaScript error
  • Fixed latitude and longitude swap for geometries in edit mode
  • Fix CREATE TABLE not being tracked when auto tracking is enabled

Sorry for the inconvenience.

This is expected to be the last release of 5.0, we have scheduled 5.1.0 as the next phpMyAdmin release.

This is a reminder that phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5.

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team, Isaac

phpMyAdmin 4.9.6 and 5.0.3 are released

2020-10-10

Hello,

The phpMyAdmin team announces the release of both phpMyAdmin versions 4.9.6 and 5.0.3.

Both versions contain several important security fixes:

  • PMASA-2020-5 XSS vulnerability with transformation feature
  • PMASA-2020-6 SQL injection vulnerability with the search feature

In addition, 5.0.3 contains many bugfixes. Some of the highlights include:

  • Fix an error message about htmlspecialchars() when attempting to export XML
  • Support double tapping to edit on mobile
  • Fix the error message "Use of undefined constant MYSQLI_TYPE_JSON" when using mysqlnd
  • Fix fatal JS error on index creation after using Enter key to submit the form
  • Fix "axis-order" to swap latitude and longitude on MySQL 8.1 or newer
  • Fix an error when overwriting an existing query bookmark
  • Fix some warnings that appear with PHP 8
  • Fix alter user privileges query when editing an account with MySQL 8.0.11 and newer
  • Fix issues regarding TIMESTAMP columns with default CURRENT_TIMESTAMP in MySQL 8.0.13 and newer
  • Fix a message that "Warning: error_reporting() has been disabled for security reasons" on php 7.x

There are many other bugs fixes, please see the ChangeLog file included with this release for full details.

Known shortcomings:

Due to changes in the MySQL authentication method, PHP versions prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests show the problem actually began with MySQL 8.0.11). This relates to a PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround, that is to set your user account to use the current-style password hash method, mysql_native_password. This unfortunate lack of coordination has caused the incompatibility to affect all PHP applications, not just phpMyAdmin. For more details, you can see our bug tracker item at https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest upgrading your PHP installation to take advantage of the upgraded authentication methods.

Downloads are available now at https://phpmyadmin.net/downloads/

phpMyAdmin 4.9.5 and 5.0.2 are released

2020-03-21

Hello,

The phpMyAdmin team announces the release of both 4.9.5 and 5.0.2.

Both versions contain several security fixes:

  • PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password
  • PMASA-2020-3 SQL injection vulnerability relating to the search feature
  • PMASA-2020-4 SQL injection and XSS having to do with displaying results
  • Removing of the "options" field for the external transformation.

We are removing the ability for users to set "options" field for the external transformation. This must now be hard coded in the plugin file directly (where the program is configured). This feature allows users to pipe output directly to an executable file, however the options field presented a security risk and we have decided to move the options to be hard coded in the transformation plugin file. For further assistance, please reach out to our support team through email or Github pull request.

Version 5.0.3 also contains many bug fixes:

  • Fix for copying a user account
  • Removed SET AUTOCOMMIT=0 from SQL export
  • Fix for the display of table borders
  • Fix for ENUM radio button user interface problems
  • Improved the prompt for abandoning changes when no changes were made in the SQL window
  • Fix for inserting a primary key with "insert as new row"
  • Fix incorrect suggested latest available version to version 5

There are many other bugs fixes, please see the ChangeLog file included with this release for full details.

Known shortcomings:

Due to changes in the MySQL authentication method, PHP versions prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests show the problem actually began with MySQL 8.0.11). This relates to a PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround, that is to set your user account to use the current-style password hash method, mysql_native_password. This unfortunate lack of coordination has caused the incompatibility to affect all PHP applications, not just phpMyAdmin. For more details, you can see our bug tracker item at https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest upgrading your PHP installation to take advantage of the authentication methods.

As a reminder, phpMyAdmin 4.9 is in the long-term support phase where it will only get important security fixes and critical bug fixes. Users are suggested to migrate to version 5.0.

Downloads are available now at https://phpmyadmin.net/downloads/

For the phpMyAdmin team, Isaac

phpMyAdmin 4.9.4 and 5.0.1 are released

2020-01-08

The phpMyAdmin team announces the release of versions 4.9.4 and 5.0.1.

As a reminder, version 4.x is in the LTS phase, where only security fixes and critical bug fixes are made. Users are suggested to migrate to version 5.

These releases address two issues, a problem with two-factor authentication that was introduced with the last releases, and a fix for an SQL injection vulnerability that was reported by CSW Research Labs https://twitter.com/cswcyberworks. This vulnerability is assigned PMASA-2020-1 and requires that the attacker have logged in through a valid MySQL account.

Known issue: the reported current release version may display incorrectly on the main page (for instance, "Version information: 5.0.1, latest stable version: 4.9.4"). This is expected to be fixed in the next routine bug fix release.

Downloads are available at phpmyadmin.net.

Happy new year, the phpMyAdmin team

phpMyAdmin 5.0.0 is released

2019-12-26

Welcome to the release of phpMyAdmin version 5.0.0. This release is occurring simultaneously with version 4.9.3; except for users with old PHP installations, version 5.0.0 is the recommended version.

This release includes many new features and improvements from the 4.9 series. We expect to maintain version 4 in a security capacity to support users with older PHP installations. For full details about supported versions and end of life dates, see the "Supported versions" grid at https://www.phpmyadmin.net/downloads/.

With this release, we are removing support of old PHP versions (5.5, 5.6, 7.0, and HHVM). These versions are outdated and are no longer supported by the PHP team.

Version 5.0 includes many coding improvements that modernize the interface. Many of these changes are transparent to users, but make the code easier to maintain. Much of this refactoring work is completed by our contract developer, Maurício Meneghini Fauth. We always consider applications for new (paid) contract developers, see https://www.phpmyadmin.net/contractor/ for program details.

Some of the changes and new features include:

  • Enable columns names by default for CSV exports
  • Add Metro theme
  • Automatically add the index when creating an auto increment column
  • Improvements to exporting views
  • Prompt the user for confirmation before running an UPDATE query with no WHERE clause
  • Improvements to how errors are show to the user (including allowing easier copying of the error text to the clipboard)
  • Added keystrokes to clear the line (ctrl+l) and clear the entire console window (ctrl+u)
  • Use charset 'windows-1252' when export format is MS Excel

There are several more changes, please refer to the ChangeLog file included with the release for full details.

Known shortcomings:

Due to changes in the MySQL authentication method, PHP versions prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests show the problem actually began with MySQL 8.0.11). This relates to a PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround, that is to set your user account to use the current-style password hash method, mysql_native_password. This unfortunate lack of coordination has caused the incompatibility to affect all PHP applications, not just phpMyAdmin. For more details, you can see our bug tracker item at https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest upgrading your PHP installation to take advantage of the authentication methods.

Downloads are available now at https://phpmyadmin.net/downloads/

Our work would not be possible without the donations of our generous sponsor, and this release in particular is brought to you thanks to the hard work of our Google Summer of Code students and many other contributors.

The phpMyAdmin team

phpMyAdmin 4.9.3 is released

2019-12-26

Welcome to phpMyAdmin 4.9.3, a routine bugfix release. This release is occurring simultaneously with the release of phpMyAdmin 5.0.0, which is our recommended version except for users with older PHP installations.

This is planned as the final bugfix release of phpMyAdmin version 4. Version 4 works with PHP versions 5.5 through (at least) 7.4, and MySQL versions 5.5 and newer (and the corresponding MariaDB versions). Version 5 will require PHP 7.1 or newer, but we plan to maintain security fixes for version 4 as part of our LTS program. For end of life details and supported versions, please see the "Supported versions" grid at https://www.phpmyadmin.net/downloads/.

This release includes fixes for many bugs, including:

  • Several PHP notices and warnings including "Undefined index table_create_time," a notice about error_reporting() being disabled for security reasons, and several Undefined Index errors.
  • Support CloudFront-Forwarded-Proto header for Amazon CloudFront proxy
  • Early compatibility with development versions of PHP 8
  • Fix replication actions (start, stop, etc)

There are many, many more bug fixes thanks to the efforts of our developers and other contributors. For full details, you can see the ChangeLog file included with this release.

The phpMyAdmin team

phpMyAdmin 5.0.0-rc1 is released

2019-11-22

Welcome to the first release candidate of phpMyAdmin 5.0.0. This release features a great number of new features and bug fixes.

This is expected to be the final release candidate before 5.0.0 is finalized. Please visit https://github.com/phpmyadmin/phpmyadmin/milestones to stay updated on the expected release date and known bugs.

Since 5.0.0-alpha1, there have been several bugfixes, none of which are particularly notable. For a complete comparison, you could visit https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_5_0_0ALPHA1..RELEASE_5_0_0RC1.

The following are the release notes from 5.0.0-alpha1:

With this release, we are removing support of old PHP versions (5.5, 5.6, 7.0, and HHVM). These versions are outdated and are no longer supported by the PHP team. Detailed requirement information is available in the documentation included with the download or at https://docs.phpmyadmin.net/en/latest/require.html. As shown at https://www.phpmyadmin.net/downloads/#support our current branch of 4.9.x is planned to remain supported for some time in an LTS capacity.

Some of the changes and new features include:

  • Enable columns names by default for CSV exports
  • Add Metro theme
  • Automatically add the index when creating an auto increment column
  • Improvements to exporting views
  • Prompt the user for confirmation before running an UPDATE query with no WHERE clause
  • Improvements to how errors are show to the user (including allowing easier copying of the error text to the clipboard)
  • Added keystrokes to clear the line (ctrl+l) and clear the entire console window (ctrl+u)
  • Use charset 'windows-1252' when export format is MS Excel

There are several more changes, please refer to the ChangeLog file included with the release for full details.

Known shortcomings:

Due to changes in the MySQL authentication method, PHP versions prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests show the problem actually began with MySQL 8.0.11). This relates to a PHP bug https://bugs.php.net/bug.php?id=76243. There is a workaround, that is to set your user account to use the current-style password hash method, mysql_native_password. This unfortunate lack of coordination has caused the incompatibility to affect all PHP applications, not just phpMyAdmin. For more details, you can see our bug tracker item at https://github.com/phpmyadmin/phpmyadmin/issues/14220.

Downloads are available now at https://phpmyadmin.net/downloads/

Our work would not be possible without the donations of our generous sponsor, and this release in particular is brought to you thanks to the hard work of our Google Summer of Code students and many other contributors.

For the team, Isaac

phpMyAdmin 4.9.2 is released

2019-11-22

Welcome to phpMyAdmin 4.9.2, a bugfix release that also contains a security fix.

This security fix is part of an ongoing effort to improve the security of the Designer feature and is designated PMASA-2019-5. There is also an improvement for how we sanitize Git version information shown on the home page, thanks to Ali Hubail.

This release includes fixes for many bugs, including:

  • Fixes for the "Failed to set session cookie" error which relates to the cookie name. In some cases, data stored in the cookie (such as the previously-used user account) may not be loaded from a previous phpMyAdmin cookie the first time you run version 4.9.2
  • Fix for Advisor with MySQL 8.0.3 and newer
  • Fix PHP deprecation errors
  • Fix a situation where exporting users after a delete query could remove users
  • Fix incorrect "You do not have privileges to manipulate with the users!" warning
  • Fix copying a database's privileges and several other problems moving columns with MariaDB
  • Fix for phpMyAdmin not selecting all the values when using shift-click to select during Export

There are many, many more bug fixes thanks to the efforts of our developers and other contributors.

The phpMyAdmin team

phpMyAdmin 4.9.1 is released

2019-09-21

Welcome to phpMyAdmin 4.9.1, a bugfix release.

This is a regularly-schedule bugfix release that also includes some security hardening measures.

We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for this has been in our release queue to be part of this release, however it is the opinion of the team that the reported attack vector did not justify a separate release.

This release includes fixes for many bugs, including:

  • Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 and newer
  • Compatibility issues with PHP 8
  • Export of GIS visualization
  • Enhanced descriptions for several collation types
  • Creating a user with a single quote in the password string
  • Unexpected quotes during import and export on text fields
  • Improvements to adding new tables to Designer
  • Fix an issue where an authenticated user could trigger heavy traffic between the database server and web server
  • Fix a weakness where an attacker, under certain conditions, working at the same time as an administrator is using the setup script, could delete a server from the setup script

There are many, many more bug fixes thanks to the efforts of our developers, Google Summer of Code applicants, and other contributors.

The phpMyAdmin team