Bored of official project news? Then check out developers blogs at planet phpMyAdmin.
You can also follow us on Facebook or Twitter. The news are also available in a RSS feed.
2018-12-11
The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes.
The security fixes involve:
In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:
And several more. Complete notes are in the ChangeLog file included with this release.
Note that for this release, we experimented with a pre-release announcement so that hosting providers and package managers would have an opportunity to prepare for the security release. If this was helpful to you or if you have feedback about this technique, please let us know through the public list developers@phpmyadmin.net or privately at security@phpmyadmin.net. We may or may not decide use this behavior in the future and your feedback will help us decide whether it's beneficial to the community.
As always, downloads are available at https://www.phpmyadmin.net/downloads/
2018-12-09
The phpMyAdmin project is announcing an upcoming security release. We feel this vulnerability is significant enough to make this announcement in advance. Our intention is to release the download for version 4.8.4 on Tuesday (December 11) at approximately 1400-1500 UTC.
Details about the vulnerabilities will be provided at the time of release. Users, package managers, and others with questions or concerns can reach the security team in private at security@phpmyadmin.net.
2018-08-22
The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.3. Among other bug fixes, this contains a security fix for an issue that can be exploited when importing files.
A flaw was discovered with how warning messages are displayed while importing a file. This attack requires a specially-crafted file but can allow an attacker to trick the user in to executing a cross-site scripting (XSS) attack. We recommend updating immediately to mitigate this attack.
In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:
And several more. Complete notes are in the ChangeLog file included with this release.
As always, downloads are available at https://www.phpmyadmin.net/downloads/
2018-06-21
The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains an important security update and it is highly recommended that all users upgrade immediately.
The urgent vulnerability allows an authenticated attacker to exploit a phpMyAdmin feature to show and potentially execute files on the server. PHP open_basedir restrictions mitigate the effect of this flaw. For further details, see the PMASA announcement.
A second flaw was also fixed allowing an attacker to use a specially crafted database name to trick a user in to executing a cross-site scripting (XSS) attack in the Designer feature.
In addition to the security fixes, this release also includes these bug fixes as part of our regular release cycle:
Known issues:
Downloads are available at https://www.phpmyadmin.net/downloads/
2018-05-25
Welcome to phpMyAdmin 4.8.1, a bug fix release.
A complete list of changes and bugs fixed is available from the ChangeLog file or changelog.php included with this release.
A few highlights of bugs fixed include:
Known issues:
As always, downloads are available from https://www.phpmyadmin.net
The phpMyAdmin team
2018-04-23
The phpMyAdmin project is please to announce the students and projects that have been selected for participation in Google Summer of Code 2018.
This year the final selections were exceptionally difficult; we received applications from many students that were worthy of being selected. We wish the best to the students who were not selected and hope they'll continue to stay involved and apply again next year.
The students and projects are:
Google Summer of Code is sponsored by Google and allows college students the opportunity to get paid for work on real-world projects during the summer. The phpMyAdmin project has participated for many years and many new features and enhancements have been incorporated thanks to the work of these students. For more information on GSoC, see their website https://summerofcode.withgoogle.com/.
2018-04-19
Welcome to phpMyAdmin 4.8.0.1, which fixes a security flaw found in phpMyAdmin.
This version fixes a security flaw found in version 4.8.0 where an attacker can manipulate a user in to following a specially-crafted link, allowing the attacker to execute arbitrary SQL commands on the server. For more information, please see https://www.phpmyadmin.net/security/PMASA-2018-2/
We recommend that all users upgrade.
Downloads are available at https://www.phpmyadmin.net/downloads/
The phpMyAdmin Team
2018-04-07
Welcome to phpMyAdmin version 4.8.0. We are excited to bring you this updated version with many new features and bug fixes. There are no changes to system requirements.
A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.
Major changes include security enhancements such as removing the PHP eval() function and authentication logging, a mobile interface to improve the interface when used with tablets or mobile phones, and two-factor authentication options.
A few highlights of the changes include:
Much of this work is thanks to the hard work of our Google Summer of Code 2017 students.
Additionally, there have been continuous improvements to many of the translations. If you don't see your language or find a problem, you can contribute too; see https://www.phpmyadmin.net/translate/ for details.
As always, downloads are available at https://www.phpmyadmin.net
Thanks to our sponsors for helping to make this work possible!
The phpMyAdmin Team
2018-03-27
Welcome to the release candidate version of the upcoming 4.8.0 release. This is likely to be the final testing release before 4.8.0 is officially released.
This is a pre-release version, so please check any bugs against the issue tracker and report new ones at https://github.com/phpmyadmin/phpmyadmin/issues/.
A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.
Notable changes since 4.8.0-alpha1:
The remaining notes are for changes from the 4.7.x branch to 4.8.0 and also applied to 4.8.0-alpha1.
Major changes include security enhancements such as removing the PHP eval() function and authentication logging, a mobile interface to improve the interface when used with tablets or mobile phones, and two-factor authentication options.
A few highlights of the changes include:
Much of this work is thanks to the hard work of our Google Summer of Code 2017 students. We're participating again, see https://github.com/phpmyadmin/phpmyadmin/wiki/GSoC_home.
Additionally, there have been continuous improvements to many of the translations. If you don't see your language or find a problem, you can contribute too; see https://www.phpmyadmin.net/translate/ for details.
As always, downloads are available at https://www.phpmyadmin.net
Thanks to our sponsors for helping to make this work possible!
The phpMyAdmin Team
2018-03-05
Welcome to phpMyAdmin 4.7.9, a routine maintenance release containing bug fixes.
A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.
Notable changes since 4.7.8:
As always, downloads are available at https://www.phpmyadmin.net
Thanks to our sponsors for helping to make this work possible!
The phpMyAdmin Team