On Aug 16, 2016, the phpMyAdmin project published the phpMyAdmin 4.6.4 release, accompanied by versions 4.0.10.17 and 4.4.15.8. phpMyAdmin is a free, open source tool written in PHP and intended to handle the administration of the MySQL database management system (DBMS). It is designed to perform a wide range of operations on MySQL over the web. It offers a user-friendly web interface, support for most MySQL features, management of MySQL users and privileges, management of stored procedures and triggers, import and export of data from various sources, administration of multiple servers and much more.
What's New in phpMyAdmin 4.6.4 Release
Since our last publication, which covered the 4.6.3 release, phpMyAdmin has shipped several security fixes of varying severity, as well as some bug fixes.
If you run a previous version of phpMyAdmin, upgrading immediately is recommended. Besides the security fixes, this release fixes bugs in the following features: changing a password, creating a view without a view name specified, deleting users with non-English locales, changing a password on MariaDB without an auth plugin, and others.
The phpMyAdmin 4.6.4 version addresses the following issues:
- issue [security] Weaknesses with cookie encryption, see PMASA-2016-29
- issue [security] Improve session cookie code for openid.php and signon.php example files
- issue [security] Full path disclosure in openid.php and signon.php example files
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-30
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-31
- issue [security] Unsafe generation of BlowfishSecret (when not supplied by the user)
- issue [security] Referrer leak when phpinfo is enabled
- issue [security] PHP code injection, see PMASA-2016-32
- issue [security] Full path disclosure, see PMASA-2016-33
- issue [security] SQL injection attack, see PMASA-2016-34
- issue [security] Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35
- issue [security] Local file exposure through symlinks with UploadDir, see PMASA-2016-36
- issue [security] Path traversal with SaveDir and UploadDir, see PMASA-2016-37
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-38
- issue [security] SQL injection vulnerability as control user, see PMASA-2016-39
- issue [security] SQL injection vulnerability, see PMASA-2016-40
- issue [security] Denial-of-service attack through transformation feature, see PMASA-2016-41
- issue [security] SQL injection vulnerability as control user, see PMASA-2016-42
- issue [security] Verify data before unserializing, see PMASA-2016-43
- issue [security] Use HTTPS for wiki links
- issue Remove Swekey support
- issue [security] SSRF in setup script, see PMASA-2016-44
- issue [security] Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections, see PMASA-2016-45
- issue [security] Improve SSL certificate handling
- issue [security] Fix full path disclosure in debugging code
- issue [security] Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47
- issue [security] Detect if user is logged in, see PMASA-2016-48
- issue [security] Bypass URL redirection protection, see PMASA-2016-49
- issue [security] Referrer leak, see PMASA-2016-50
- issue [security] Reflected File Download, see PMASA-2016-51
- issue [security] ArbitraryServerRegexp bypass, see PMASA-2016-52
- issue [security] Denial-of-service attack by entering long password, see PMASA-2016-53
- issue [security] Remote code execution vulnerability when running as CGI, see PMASA-2016-054
- issue [security] Administrators could trigger SQL injection attack against users
- issue [security] Denial-of-service attack when PHP uses dbase extension, see PMASA-2016-55
- issue [security] Remote code execution vulnerability when PHP uses dbase extension, see PMASA-2016-56
- issue [security] Denial-of-service attack by using for loops, see PMASA-2016-46
- issue Include X-Robots-Tag header in responses
- issue Enforce numeric field length when creating table
- issue Fixed invalid Content-Length in some HTTP responses
- issue #12394 Create view should require a view name
- issue #12391 Message with 'Change password successfully' displayed, but does not take effect
- issue Tighten control on PHP sessions and session cookies
- issue #12409 Re-enable overhead on server databases view
- issue #12414 Fixed rendering of Original theme
- issue #12413 Fixed deleting users in non English locales
- issue #12416 Fixed replication status output in Databases listing
- issue #12303 Avoid typecasting to float when not needed
- issue #12425 Duplicate message variable names in messages.inc.php
- issue #12399 Adding index to table shows wrong top navigation
- issue #12424 Fixed password change on MariaDB without auth plugin
- issue #12339 Do not error on unset server port
- issue #12422 Improvements to the original theme
- issue #12395 Do not try to load old transformation plugins
- issue #12423 Fixed replication status in database listing
- issue #12433 Copy table with prefix does not copy the indexes
- issue #12375 Search in database: Window content is not scrolling down when clicking first time on Browse link
- issue #12346 SQL Editor textareas can have their size increased from the top, distorting the page view
The complete changelog for the phpMyAdmin 4.6.4 and other releases can be found here.
Installation and Configuration Instructions
Ubuntu Installation
phpMyAdmin Tweaks
"Additional features have been deactivated" Error
Upgrade Instructions
If you followed our installation guide for Ubuntu, then you can upgrade to phpMyAdmin 4.6.4 using the following commands:
sudo apt-get update
sudo apt-get upgrade
Complete instructions can be found in the phpMyAdmin Documentation.
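To confirm that an upgrade actually landed on a fixed release, the following added example (not part of the original guide or of phpMyAdmin) classifies a version string against the three releases named in this announcement. The function names `ver_ge` and `pma_status` are hypothetical; the script assumes that 4.0.10.17 and 4.4.15.8 are the fixed releases for the 4.0 and 4.4 branches and that `sort -V` (GNU coreutils version sort) is available.

```sh
#!/bin/sh
# Added example: check a phpMyAdmin version against the releases named in
# this announcement (4.6.4, 4.4.15.8, 4.0.10.17). Helper names are hypothetical.

# ver_ge A B: succeed when dotted version A >= B.
# Uses version sort, so 4.0.10.9 correctly sorts below 4.0.10.17.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# pma_status VERSION: print "patched", "outdated", "unlisted" or "invalid".
# Accepts Debian-style package versions such as "4:4.6.4+dfsg1-1".
pma_status() {
    v=${1#*:}                                        # drop a leading epoch ("4:")
    v=$(printf '%s' "$v" | sed 's/[^0-9.].*$//')     # drop packaging suffixes
    [ -n "$v" ] || { echo invalid; return 2; }

    branch=$(printf '%s' "$v" | cut -d. -f1,2)
    case $branch in
        4.0) fixed=4.0.10.17 ;;                      # assumed fix level for 4.0.x
        4.4) fixed=4.4.15.8 ;;                       # assumed fix level for 4.4.x
        4.6) fixed=4.6.4 ;;
        *)
            # Branch not named in the announcement: anything newer than the
            # 4.6 series is past 4.6.4; older branches have no listed release.
            if ver_ge "$v" 4.7; then echo patched; else echo unlisted; fi
            return ;;
    esac
    if ver_ge "$v" "$fixed"; then echo patched; else echo outdated; fi
}

# On Ubuntu/Debian the installed package version can be fed in like this:
#   pma_status "$(dpkg-query -W -f='${Version}' phpmyadmin)"
# When the script is run with an argument, classify that version.
[ "$#" -eq 0 ] || pma_status "$1"
```

A result of "unlisted" means the installed branch has no fixed release named here, so it should be treated as needing a move to one of the three listed versions.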
Please contact phpMyAdmin Support about any installation or upgrade issues with the phpMyAdmin 4.6.4 version.