On Jun 23, 2016 phpMyAdmin released version 4.6.3, accompanied by versions 22.214.171.124 and 126.96.36.199. phpMyAdmin is a free, open source tool written in PHP and intended to handle the administration of the MySQL database management system (DBMS). It is designed to perform a wide range of operations on MySQL over the web. It offers a user-friendly web interface, support for most MySQL features, management of MySQL users and privileges, management of stored procedures and triggers, import and export of data from various sources, administration of multiple servers and much more.
What’s New in phpMyAdmin 4.6.3 Release
Since our last publication, covering the 4.6.2 release, phpMyAdmin introduced changes as part of a regular maintenance release consisting mostly of bug fixes, and also including a few security fixes.
For more detail about the included security fixes take a look at the phpMyAdmin security notifications PMASA-2016-17 through PMASA-2016-28, posted at the phpMyAdmin security website. Due to the high number of security updates, the phpMyAdmin team recommends upgrading all affected versions immediately.
phpMyAdmin 4.6.3 addresses the following issues:
- issue #12249 Fixed cookie path on Windows
- issue #12279 Fixed error reporting on connect problems
- issue #12290 Fixed export of tables without explicitly set engine
- issue #12293 Fix MySQL SSL connection with some PHP versions
- issue #12279 Fix MySQL connection error on version mismatch
- issue #12281 Keep user attributes (privileges, authentication mode, etc) when copying a user
- issue #12308 Fix division by zero in case of misconfigured MySQL server
- issue #12317 Fix editing server variables
- issue #12303 Fix table size calculation in some circumstances
- issue #12310 Fix listing routines for non privileged user
- issue Escape generated query in exporting a database
- issue Setup script doesn’t use input type ‘password’ in all relevant locations
- issue [security] BBCode injection in setup script, see PMASA-2016-17
- issue [security] Cookie attribute injection attack, see PMASA-2016-18
- issue Redirect loop when directly calling url.php
- issue [security] SQL injection attack, see PMASA-2016-19
- issue [security] XSS attack in Table Structure page, see PMASA-2016-20
- issue [security] XSS attack in Server Privileges page, see PMASA-2016-21
- issue [security] DOS attack vulnerability, see PMASA-2016-22
- issue [security] Multiple full path disclosure vulnerabilities, see PMASA-2016-23
- issue [security] Full path disclosure when running in debug mode
- issue [security] XSS attack with partition range and table structure, see PMASA-2016-25
- issue [security] XSS attack when checking database privileges, see PMASA-2016-26
- issue [security] XSS attack when MySQL server is using a specific payload log_bin directive, see PMASA-2016-26
- issue [security] XSS vulnerabilities in Transformation feature, see PMASA-2016-26
The complete changelog for the phpMyAdmin 4.6.3 and other releases can be found here.
Installation and Configuration Instructions
If you followed our installation guide for Ubuntu, then you can upgrade to phpMyAdmin 4.6.3 using the following commands:
sudo apt-get update
sudo apt-get upgrade
Complete instructions can be found in the phpMyAdmin Documentation.
Please contact phpMyAdmin Support with any installation or upgrade issues concerning phpMyAdmin 4.6.3.