phpMyAdmin News

Hello,

The phpMyAdmin team announces the release of both phpMyAdmin versions 4.9.6
and 5.0.3.

Both versions contain several important security fixes:

• PMASA-2020-5 XSS vulnerability with transformation feature
• PMASA-2020-6 SQL injection vulnerability with the search feature

In addition, 5.0.3 contains many bugfixes. Some of the highlights include:

• Fix an error message about htmlspecialchars() when attempting to export XML
• Support double tapping to edit on mobile
• Fix the error message "Use of undefined constant MYSQLI_TYPE_JSON" when using mysqlnd
• Fix fatal JS error on index creation after using Enter key to submit the form
• Fix "axis-order" to swap latitude and longitude on MySQL 8.1 or newer
• Fix an error when overwriting an existing query bookmark
• Fix some warnings that appear with PHP 8
• Fix alter user privileges query when editing an account with MySQL 8.0.11 and newer
• Fix issues regarding TIMESTAMP columns with default CURRENT_TIMESTAMP in MySQL 8.0.13 and newer
• Fix a message that "Warning: error_reporting() has been disabled for security reasons" on php 7.x

There are many other bugs fixes, please see the ChangeLog file included with
this release for full details.

Known shortcomings:

Due to changes in the MySQL authentication method, PHP versions prior to 7.4
are unable to authenticate to a MySQL 8.0 or newer server (our tests show the
problem actually began with MySQL 8.0.11). This relates to a PHP bug
https://bugs.php.net/bug.php?id=76243. There is a workaround, that is to set
your user account to use the current-style password hash method,
mysql_native_password. This unfortunate lack of coordination has caused the
incompatibility to affect all PHP applications, not just phpMyAdmin. For more
details, you can see our bug tracker item at
https://github.com/phpmyadmin/phpmyadmin/issues/14220. We suggest upgrading
your PHP installation to take advantage of the upgraded authentication
methods.

Downloads are available now at https://phpmyadmin.net/downloads/

link