- Update to 5.2.1
This is a security and bufix release.
* Security
- Fix (PMASA-2023-01, CWE-661)
Fix an XSS attack through the drag-and-drop upload feature.
* Bugfix
- issue #17522 Fix case where the routes cache file is invalid
- issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
- issue Fix blank page when some error occurs
- issue #17519 Fix Export pages not working in certain conditions
- issue #17496 Fix error in table operation page when partitions are broken
- issue #17386 Fix system memory and system swap values on Windows
- issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive
- issue #17271 Fix database names not showing on Processes tab
- issue #17424 Fix export limit size calculation
- issue #17366 Fix refresh rate popup on Monitor page
- issue #17577 Fix monitor charts size on RTL languages
- issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing
- issue #17586 Fix statistics not showing for empty databases
- issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore
- issue #17584 It's now possible to browse a database that includes two % in its name
- issue Fix PHP 8.2 deprecated string interpolation syntax
- issue Some languages are now correctly detected from the HTTP header
- issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true
- issue #17593 Table filtering now works when action buttons are on the right side of the row
- issue #17388 Find and Replace using regex now makes a valid query if no matching result set found
- issue #17551 Enum/Set editor will not fail to open when creating a new column
- issue #17659 Fix error when a database group is named tables, views, functions, procedures or events
- issue #17673 Allow empty values to be inserted into columns
- issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console
- issue Fixed debug queries console broken UI for query time and group count
- issue Fixed escaping of SQL query and errors for the debug console
- issue Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled
- issue #17543 Fix JS error on saving a new designer page
- issue #17546 Fix JS error after using save as and open page operation on the designer
- issue Fix PHP warning on GIS visualization when there is only one GIS column
- issue #17728 Some select HTML tags will now have the correct UI style
- issue #17734 PHP deprecations will only be shown when in a development environment
- issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long
- issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page
- issue #16418 Fix FAQ 1.44 about manually removing vendor folders
- issue #12359 Setup page now sends the Content-Security-Policy headers
- issue #17747 The Column Visibility Toggle will not be hidden by other elements
- issue #17756 Edit/Copy/Delete row now works when using GROUP BY
- issue #17248 Support the UUID data type for MariaDB >= 10.7
- issue #17656 Fix replace/change/set table prefix is not working
- issue Fix monitor page filter queries only filtering the first row
- issue Fix "Link not found!" on foreign columns for tables having no char column to show
- issue #17390 Fix "Create view" modal doesn't show on results and empty results
- issue #17772 Fix wrong styles for add button from central columns
- issue #17389 Fix HTML disappears when exporting settings to browser's storage
- issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use ST_X instead." on search page
- issue Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB)
- issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB)
- issue #17281 Fix links to databases for information_schema.SCHEMATA
- issue #17553 Fix Metro theme unreadable links above navigation tree
- issue #17553 Metro theme UI fixes and improvements
- issue #17553 Fix Metro theme login form with
- issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox
- issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working
- issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened
- issue Fix Original theme buttons style and login form width
- issue #17892 Fix closing index edit modal and reopening causes it to fire twice
- issue #17606 Fix preview SQL modal not working inside "Add Index" modal
- issue Fix PHP error on adding new column on create table form
- issue #17482 Default to "Full texts" when running explain statements
- issue Fixed Chrome scrolling performance issue on a textarea of an "export as text" page
- issue #17703 Fix datepicker appears on all fields, not just date
- issue Fix space in the tree line when a DB is expanded
- issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when adding a new column
- issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL
- issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5
- issue Fix column names option for CSV Export
- issue #17177 Fix preview SQL when reordering columns doesn't work on move columns
- issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP
- issue #17944 Fix unable to create a view from tree view button
- issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround)
- issue #17967 Fix missing icon for collapse all button
- issue #18006 Fixed UUID columns can't be moved
- issue Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks
- issue Remove non working "Analyze Explain at MariaDB.org" button (MariaDB stopped this service)
- issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API
- issue #18019 Fix "Call to a member function fetchAssoc() on bool" with SQL mode ONLY_FULL_GROUP_BY on monitor search logs
- issue Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions
- issue #17398 Fix clicking on JSON columns triggers update query
- issue Fix silent JSON parse error on upload progress
- issue #17833 Fix "Add Parameter" button not working for Add Routine Screen
- issue #17365 Fixed "Uncaught Error: regexp too big" on server status variables page
- Rebase phpMyAdmin-config.patch.
OBS-URL: https://build.opensuse.org/request/show/1063733
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=377
- Update to 5.1.2
This is a security and bufix release.
* Security
- Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661)
Two factor authentication bypass
- Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661)
Multiple XSS and HTML injection attacks in setup script
* Bugfixes
- Revert a changed to $cfg['CharTextareaRows'] allow values
less than 7
- Fix encoding of enum and set values on edit value
- Fixed possible "Undefined index: clause_is_unique" error
- Fixed some situations where a user is logged out when working
with more than one server
- Fixed a problem with assigning privileges to a user using the
multiselect list when the database name has an underscore
- Enable cookie parameter "SameSite" when the PHP version
is 7.3 or newer
- Correctly handle the removal of "innodb_file_format" in
MariaDB and MySQL
OBS-URL: https://build.opensuse.org/request/show/948083
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=371
- Update to 5.1.2
This is a security and bufix release.
* Security
- Fix (CVE-2022-23807, PMASA-2022-1, CWE-661)
Two factor authentication bypass
- Fix (CVE-2022-23808, PMASA-2022-2, CWE-661)
Multiple XSS and HTML injection attacks in setup script
* Bugfixes
- Revert a changed to $cfg['CharTextareaRows'] allow values
less than 7
- Fix encoding of enum and set values on edit value
- Fixed possible "Undefined index: clause_is_unique" error
- Fixed some situations where a user is logged out when working
with more than one server
- Fixed a problem with assigning privileges to a user using the
multiselect list when the database name has an underscore
- Enable cookie parameter "SameSite" when the PHP version
is 7.3 or newer
- Correctly handle the removal of "innodb_file_format" in
MariaDB and MySQL
OBS-URL: https://build.opensuse.org/request/show/948077
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=370
- Update to 5.1.1
- Fixes for several PHP errors
- Fixes for "$cfg['DefaultTabDatabase']" and other related configuration directives not working properly
- Fix Yaml export to quote strings even when they are numeric
- Fix TCPDF open_basedir issue due to internal guessing code from TCPDF
- Fix for quick search not working when using more than one configured server
Fix datetime decimals displayed (.00000) after edit
- Fix new lines in text fields are doubled
- Fixed URL generation by removing un-needed & escaping for & char
- Improvements for working with PHP 8.1
- Improved handling of adding a new user with the Percona database server
For a detail cahngelog see:
https://demo.phpmyadmin.net/master-config/index.php?route=/changelog
OBS-URL: https://build.opensuse.org/request/show/897667
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=368
- Update to 5.1.0
- issue #15350 Change Media (MIME) type references to Media type
- issue #15377 Add a request router
- issue Automatically focus input in the two-factor authentication window
- issue #15509 Replace gender-specific pronouns with gender-neutral pronouns
- issue #15491 Improve complexity of generated passwords
- issue #14909 Add a configuration option to define the 1st day of week
- issue #12726 Made user names clickable in user accounts overview
- issue #15729 Improve virtuality dropdown for MariaDB > 10.1
- issue #15312 Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE)
when editing a table structure
- issue Added missing 'IF EXISTS' to 'DROP EVENT' when exporting databases
- issue #15232 Improve the padding in query result tool links
- issue #15064 Support exporting raw SQL queries
- issue #15555 Added ip2long transformation
- issue #15194 Fixed horizontal scroll on structure edit page
- issue #14820 Move table hide buttons in navigation to avoid hiding a table by mistake
- issue #14947 Use correct MySQL version if the version is 8.0 or above for documentation links
- issue #15790 Use "MariaDB Documentation" instead of "MySQL Documentation" on a MariaDB server
- issue #15880 Change "Show Query" link to a button
- issue #13371 Automatically toggle the radio button to "Create a page and save it" on Designer
- issue #12969 Tap and hold will not dismiss the error box anymore, you can now copy the error
- issue #15582 Don't disable "Empty" table button after clicking it
- issue #15662 Stay on the structure page after editing/adding/dropping indexes
- issue #15663 show structure after adding a column
- issue #16005 Remove symfony/yaml dependency
- issue #16005 Improve performance of dependency injection system by removing yaml parsing
- issue #15447 Disable phpMyAdmin storage database checkbox on databases list
- issue #16001 Add autocomplete attributes on login form
- issue #13519 Add "Preview SQL" option on Index dialog box when creating a new table
- issue #15954 Fixed export maximal length of created query input is too small
- issue Redesign the server status advisor page
- issue #13124 Use same height for SQL query textarea and Columns select in SQL page
- issue #16005 Add a new vendor constant "CACHE_DIR" that defaults
to "libraries/cache/" and store routing cache into this folder
- issue #16005 Warm-up the routing cache before building the release
- issue #16005 Use --optimize-autoloader when installing composer vendors before building the release
- issue #15992 Add back the table name to the printable version on "Structure" page
- issue #14815 Allow simplifying exported view syntax to only "CREATE VIEW"
- issue #15496 Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
- issue #14772 Add the password_hash PHP function as an option when inserting data
- issue #15136 Add a notice for Hex converter giving invalid results
- issue #16139 Use a textarea for JSON columns
- issue #16223 Make JSON input transformation editor less narrow
- issue #14340 Add a button on Export Page to show the SQL Query
- issue #16304 Add support for INET6 column type
- issue #16337 Fix example insert/update query default values
- issue #12961 Remove indexes from table relation
- issue #13557 Use a full list of functions instead of a separated one on insert/edit page "Function" selector
- issue #14795 Include routines in the export in a predictable order
- issue #16227 Fixed autocomplete is not working in case the table name is quoted by "`" symbols
- issue #15463 Force BINARY comparison when looking at privileges to avoid an SQL error on privileges tab
- issue #16430 Fixed Windows error message uses trailing / instead of \
- issue #16316 Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']"
- issue #16451 Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated
- issue #16451 Show an error message when the security limit is
reached instead of silently trimming the password to avoid confusion
- issue #15001 Add back Login Cookie Validity setting to the features form
- issue #16457 Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
- issue #13077 Moved tools section to left on large devices (Bootstrap xl)
- issue #15711 Moved some buttons to left on large devices (Bootstrap xl)
- issue #15584 Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network
- issue #15652 Replace deprecated FOUND_ROWS() function call on "distinct values" feature
- issue Export blobs as hex on JSON export
- issue #16095 Fix leading space not shown in a CHAR column when browsing a table
- issue Make procedures/functions SQL editor both side scrollable
- issue #16407 Bump pragmarx/google2fa conflict to >8.0
- issue #14953 Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
- issue #16477 Fixed no Option to enter TABLE specific permissions when the database name contains an "_" (underscore)
- issue #16498 Fixed empty text not appearing after deleting all Routines
- issue #16467 Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export
- issue #15658 Fixed saving UI displayed columns on a non database request fails
- issue #16495 Fix drop tables checkbox is above the checkbox for foreign keys
- issue #16485 Fix visual query builder missing "Build Query" button
- issue #16565 Added 'IF EXISTS' to 'DROP EVENT' when updating events to avoid replication issues
- issue Removed metro fonts that where Apache-2.0 files that are incompatible with GPL-2.0
- issue #16464 Made the relation view default to the current database when creating relations
- issue #16463 Fixed 'REFERENCES' privilege checkbox's title on new MySQL versions and on MariaDB
- issue #16405 Added jest as a Unit Testing tool for our javascript code
- issue #16252 Fixed the too small font size when editing rows (textareas)
- issue #16585 Fixed BLOB to JPG transformation PHP errors
- issue Made the console setup async to avoid blocking the page render
- issue #16429 Use PHP 8.0 fixed version (commit) for TCPDF
- issue #16005 Major performance improvements on browsing a lot of rows
- issue #16595 Fixed editing columns having a `_` in their name in specific conditions
- issue #16608 Fix "Sort by key" restore auto saved value
- issue #16611 Fixed unable to add tables to rename aliases twice on Export
- issue #16621 Fixed link HTML messed up in Advisor
- issue #16622 Fixed Advisor formatting incorrect for long_query_time notice
- issue #15389 Fixed reset current page indicator after deleting all rows to current page and not page 1
- issue #15997 Fixed auto save query
- issue #15997 Made auto saved query database or database+table independent
- issue #16641 Fixed query generation that was allowing JSON to have a length
- issue #15994 Fixed the selected value detection for "on update current_timestamp"
- issue #16614 Fixed PHP 8.0 dataseek offset call to the MySQLI extension
- issue #16662 Fixed Uncaught TypeError on "delete" button click of a database search results page
- issue Fixed Undefined index: selected_usr when the user tried to delete no selected user
- issue #16657 Fixed the QBE interface when the configuration storage is not enabled
- issue #16479 Fix our Selenium test-suite
- issue #16669 Fixed table search modal for BETWEEN
- issue #16667 Fixed LIKE and TINYINT in search not working properly
- issue #16424 Fixed numerical search in table and zoom
- issue Improve the version handling (new Version class) and add a VERSION_SUFFIX for vendors
- issue #14494 Fix uncaught TypeError when editing partitioning
- issue #16525 Fix PHP 8.0 failing tests when comparing 0 to ''
- issue #16429 Fixed PHP 8.0 errors on preg_replace and operand types
- issue #16490 Fixed PHP 8.0 function libxml_disable_entity_loader() is deprecated
- issue #16429 Fixed failing unit tests on PHP 8.0
- issue #16609 Fixed Sql.rearrangeStickyColumns is not a function
- Rebase phpMyAdmin-config.patch.
OBS-URL: https://build.opensuse.org/request/show/875360
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=366
- Use coreutils to generate blowfish secret to reduce dependencies
- Attempt to migrate modified configuration file rather than just
replacing it by default configuration
- The apache subpackage must require the main package, otherwise it
will not be uninstalled when the main package is uninstalled
- Generate blowfish secret and enable Apache modules/flags only on
install
- Only empty temporary directory on upgrade/uninstall (not remove)
to prevent RPM warnings/errors
- Don't empty directories not owned by this package (these should
have been cleaned up by previous versions that owned them)
OBS-URL: https://build.opensuse.org/request/show/858101
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=364
- Update to 4.9.5
This is a security release containing several bug fixes.
* PMASA-2020-2 SQL injection vulnerability in the user accounts
page, particularly when changing a password
* PMASA-2020-3 SQL injection vulnerability relating to the search
feature
* PMASA-2020-4 SQL injection and XSS having to do with displaying
results
* Removing of the "options" field for the external
transformation.
OBS-URL: https://build.opensuse.org/request/show/787358
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=347
