The phpMyAdmin project is pleased to announce the release of phpMyAdmin versions 4.6.5 (including bug and security fixes), 22.214.171.124 (security fixes), and 126.96.36.199 (security fixes). We recommend all users update their phpMyAdmin installations.
Aside from the security improvements, many bugs have been fixed in version 4.6.5 including:
Please note that this is expected to be the final release of the 4.4 branch, which ended security support on October 1, 2016.
We are particularly grateful for the work of researcher Emanuel Bronshtein who helped identify many of these flaws.
The phpMyAdmin project is excited to announce the hiring of a part-time contract developer. Thanks to our generous sponsors, we are very fortunate to retain the services of Deven Bansod, who will spend time on security fixes, improving the parser, and other bug fixes and feature improvements. We welcome Deven to this role and thank our sponsors who make this work possible.
The phpMyAdmin team announces the release of versions 188.8.131.52 (security fixes), 184.108.40.206 (security fixes), and 4.6.4 (security and bug fixes).
This release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are unable to upgrade, refer to the ChangeLog file included with this release and the security announcements at https://www.phpmyadmin.net/security/.
Aside from the security fixes, bugs have been fixed in version 4.6.4 affecting:
the phpMyAdmin team
The phpMyAdmin project announces the release of phpMyAdmin versions 220.127.116.11, 18.104.22.168, and 4.6.3. All versions feature many security fixes that are announced as PMASA-2016-17 through PMASA-2016-28 which are posted at https://www.phpmyadmin.net/security/.
Furthermore, version 4.6.3 includes the regularly scheduled maintenance improvements and bug fixes. In addition to bugs affecting particular version combinations, some of the other bugs fixed include:
As well as several more. Complete details are available in the ChangeLog.
We highly recommend updating all affected versions immediately. Downloads are available at https://www.phpmyadmin.net/downloads.
We thank the many security researchers who found and reported these flaws.
The phpMyAdmin team
Software Freedom Conservancy congratulates its phpMyAdmin project on successfully completing a thorough security audit, as part of Mozilla's Secure Open Source Fund. No serious issues were found in the phpMyAdmin codebase.
Mozilla launched the SOS Fund as part of its Open Source Support Program. The SOS Fund focuses on auditing, remediation, and verification for key open source software projects. Conservancy's phpMyAdmin project was one of the first projects selected for the program. The security audit was performed by NCC Group. The phpMyAdmin team participated actively in the audit, making its key members available to the NCC Group team. As the audit states, the project "has been one of the de facto tools for managing and maintaining MySQL databases for years. Its wide adoption matched with its potential for misuse, warrants regular review from a security perspective."
While no serious issues were found, the audit team found 3 medium risk and 5 low risk vulnerabilities, plus one informational issue. Most of these issues are already fixed in the 4.6.2 release, and the more severe issues were covered by PMASA-2016-14, PMASA-2016-15 and PMASA-2016-16. The fixes were backported to older releases as well.
"We at the phpMyAdmin project are excited to have been one of the early programs selected by the Mozilla SOS Fund," said project team member Isaac Bennetch. "We appreciate Mozilla's dedication to ensuring making software more secure and are pleased that no serious flaws were found during the phpMyAdmin audit."
Conservancy and the phpMyAdmin project are proud of the results and thank Mozilla for funding and initiating the audit, well positioning phpMyAdmin to continue its critical role in free software with confidence. The full audit report is available here.
The phpMyAdmin Project is looking for a full-time or part-time developer to assist in development, including bug fixing and refactoring.
The ideal candidate will dynamically balance their workload based on outstanding issues and priority, but the work is anticipated to break down to these percentages (in priority order, from most important to least important):
Security maintenance (5%)
Bug fixing and issue assessment (45%)
Code base improvement like refactoring and writing unit tests (45%)
Implementation of new features (5%)
The Developer shall publish a weekly blog post about his/her work to the phpMyAdmin community.
The Developer shall send a monthly invoice to the Software Freedom Conservancy for the work done during that month.
All work produced by the Developer is to be licensed under "GPLv2 or later".
This is an independent contractor position: the Developer will be responsible for his/her own equipment and expenses.
Candidates should submit their proposal (including their CV, availability, and financial terms) to: email@example.com. The deadline for this initial round of proposals is 2016-06-30.
The phpMyAdmin project is announcing a series of non-critical security advisories, including the release of version 22.214.171.124.
PMASA-2016-14 - Sensitive Data in URL GET Query Parameters. See https://www.phpmyadmin.net/security/PMASA-2016-14/ for more details.
PMASA-2016-15 - File Traversal Protection Bypass on Error Reporting. See https://www.phpmyadmin.net/security/PMASA-2016-15/ for more details.
PMASA-2016-16 - Self XSS. See https://www.phpmyadmin.net/security/PMASA-2016-16/ for more details.
Versions 4.6.2 and 126.96.36.199 have been released today including fixes for these.
Welcome to phpMyAdmin 4.6.2, a regular maintenance release consisting mostly of bug fixes and also including a few non-critical security fixes.
A few of the many bugs fixed include:
As well as several others. A complete list of changes is available in the ChangeLog file.
Downloads are available at https://www.phpmyadmin.net/downloads
Welcome to phpMyAdmin 4.6.1, a regular maintenance release consisting mostly of bug fixes.
A few of the many bugs fixed include:
A complete list of changes is available in the ChangeLog file.
Downloads are available at https://www.phpmyadmin.net/downloads/.
The phpMyAdmin team
Welcome to phpMyAdmin 4.6.0, a regular maintenance release including over 60 new features and bug fixes. Please note that this release ends support for old versions of Microsoft Internet Explorer, which are no longer supported by Microsoft. There is a new configuration directive, $cfg['Servers'][$i]['ssl_verify'] which is useful in some cases with self-signed certificates. The ForceSSL and PmaAbsoluteUri configuration directives have been removed (the functions of both of these should better be handled by the webserver than the application).
A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.
A few highlights:
There are many more improvements; please refer to the ChangeLog for full details.
As always, downloads are available at http://www.phpmyadmin.net/.
As always, thanks to our sponsors for helping to make this work possible!
The phpMyAdmin Team