The phpMyAdmin team announced the release of versions 4.9.5 and 5.0.2. phpMyAdmin 4.9 is in the long-term support phase, where it will only get important security fixes and critical bug fixes. The phpMyAdmin team advises users to migrate to version 5.0. The latest versions remove the ability for users to set the “options” field for the external transformation. These options now have to be hard-coded in the plugin file directly. The external transformation allows users to pipe output directly to an executable file; however, the options field presented a security risk, so the phpMyAdmin team decided to move the options to be hard-coded in the transformation plugin file.
Some of the most important security fixes included in both versions are:
- PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password
- PMASA-2020-3 SQL injection vulnerability relating to the search feature
- PMASA-2020-4 SQL injection and XSS having to do with displaying results
- Removal of the “options” field for the external transformation.
The phpMyAdmin team also announced that 5.0.3 contains many bug fixes, such as:
- Fix for copying a user account
- Removed SET AUTOCOMMIT=0 from SQL export
- Fix for the display of table borders
- Fix for ENUM radio button user interface problems
- Improved the prompt for abandoning changes when no changes were made in the SQL window
- Fix for inserting a primary key with “insert as new row”
- Fix incorrect suggested latest available version to version 5