- Details
Release Notes: https://dev.mysql.com/doc/relnotes/mysql/
- Details
phpMyAdmin 5.2.2 is released
2025-01-21
Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below.
- fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krög https://github.com/MoonE)
- fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to bluebird https://github.com/blue-bird1)
- fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent contributor Kamil Tekiela https://github.com/kamil-tekiela)
- fix possible security issue with library code slim/psr7 (CVE-2023-30536)
- fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3)
- fix a full path disclosure in the Monitoring tab
- issue #18268 Fix UI issue the theme manager is disabled
- issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
- issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
- issue #18106 Fix renaming database with a view
- issue #18120 Fix bug with numerical tables during renaming database
- issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0
- issue #18258 Speed improvements when exporting a database
- issue #18769 Improved collations support for MariaDB 10.10
There are many, many more fixes that you can see in the ChangeLog file included with this release or online at https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_2_2/ChangeLog
Downloads are available now at https://phpmyadmin.net/downloads/
For the phpMyAdmin team, Isaac
- Details
This is a security release.
- CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
- CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
- CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
- CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
- [
f2ad4d3af8] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#654 - [
0afc6f9600] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (RafaelGSS) nodejs-private/node-private#555 - [
3c7686163e] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650 - [
51938f023a] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#629
- Details
This release introduces two significant new features: Chaos and SMTP auto-forwarding.
Chaos (sometimes referred to as "Chaos Monkey") allows you to set SMTP error response codes at various stages in a SMTP transaction in order to test application resilience.
Feature
- Add Chaos functionality to test integration handling of SMTP error responses (#402, #110, #144 & #268)
- SMTP forwarding option (#414)
- Option to override the
Fromemail address in SMTP relay configuration (#414)
Chore
- Update node dependencies
- Update Go dependencies
Fix
- Update command
npm run update-caniemailsave path (#422) - Correct date formatting in TestMakeHeaders
- Details
8.1.31 - https://www.php.net/ChangeLog-8.php#PHP_8_1
8.2.26 - https://www.php.net/ChangeLog-8.php#PHP_8_2
8.3.14 - https://www.php.net/ChangeLog-8.php#PHP_8_3
8.4.1 - https://www.php.net/ChangeLog-8.php#PHP_8_4
NOTE: PHP 8.4.x currently does not work with Memcached. If you use Memcached and PHP together, please use PHP 8.3.x until a release is available for 8.4.x
