-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
471 lines (431 loc) · 25.6 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
phpMyAdmin - ChangeLog
======================
4.0.10.20 (2017-03-28)
- issue #12881 Fix database search when locale is not 'en'
- issue [security] Possible to bypass $cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08
4.0.10.19 (2017-01-23)
- issue [security] Multiple vulnerabilities in setup script, see PMASA-2016-44.
- issue [security] Open redirect, see PMASA-2017-1.
- issue [security] php-gettext code execution, see PMASA-2017-2.
- issue [security] DOS vulnerabiltiy in table editing, see PMASA-2017-3.
- issue [security] CSS injection in themes, see PMASA-2017-4.
- issue [security] SSRF in replication, see PMASA-2017-6.
- issue [security] DOS in replication status, see PMASA-2017-7.
4.0.10.18 (2016-11-24)
- issue #12485 Do not show warning about short blowfish_secret if none is set
- issue [security] Open redirection issue, see PMASA-2016-57
- issue [security] Unsafe generation of $cfg['blowfish_secret'], see PMASA-2016-58
- issue [security] phpMyAdmin's phpinfo functionality is removed, see PMASA-2016-59
- issue [security] AllowRoot and allow/deny rule bypass with specially-crafted username, see PMASA-2016-60
- issue [security] Username matching weaknesses with allow/deny rules, see PMASA-2016-61
- issue [security] Full path disclosure (FPD) weaknesses, see PMASA-2016-63
- issue [security] Multiple cross-site scripting (XSS) weaknesses, see PMASA-2016-64
- issue [security] Multiple denial-of-service (DOS) vulnerabilities, see PMASA-2016-65
- issue [security] Possible to bypass white-list protection for URL redirection, see PMASA-2016-66
- issue [security] Multiple SQL injection vulnerabilities, see PMASA-2016-69
- issue [security] Incorrect serialized string parsing, see PMASA-2016-70
- issue [security] CSRF token not stripped from the URL, see PMASA-2016-71
4.0.10.17 (2016-08-16)
- issue [security] Weaknesses with cookie encryption, see PMASA-2016-29
- issue [security] Improve session cookie code for openid.php and signon.php example files
- issue [security] Full path disclosure in openid.php and signon.php example files
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-30
- issue [security] Unsafe generation of BlowfishSecret (when not supplied by the user)
- issue [security] Referrer leak when phpinfo is enabled
- issue [security] PHP code injection, see PMASA-2016-32
- issue [security] Full path disclosure, see PMASA-2016-33
- issue [security] SQL injection attack, see PMASA-2016-34
- issue [security] Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35
- issue [security] Local file exposure through symlinks with UploadDir, see PMASA-2016-36
- issue [security] Path traversal with SaveDir and UploadDir, see PMASA-2016-37
- issue [security] Denial-of-service attack through transformation feature, see PMASA-2016-41
- issue [security] SQL injection vulnerability as control user, see PMASA-2016-42
- issue [security] Verify data before unserializing, see PMASA-2016-43
- issue [security] Use HTTPS for wiki links
- issue Remove Swekey support
- issue [security] Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections, see PMASA-2016-45
- issue [security] Improve SSL certificate handling
- issue [security] Fix full path disclosure in debugging code
- issue [security] Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47
- issue [security] Detect if user is logged in, see PMASA-2016-48
- issue [security] Bypass URL redirection protection, see PMASA-2016-49
- issue [security] Referrer leak, see PMASA-2016-50
- issue [security] Reflected File Download, see PMASA-2016-51
- issue [security] ArbitraryServerRegexp bypass, see PMASA-2016-52
- issue [security] Denial-of-service attack by entering long password, see PMASA-2016-53
- issue [security] Remote code execution vulnerability when running as CGI, see PMASA-2016-54
- issue [security] Denial-of-service attack when PHP uses dbase extension, see PMASA-2016-55
- issue [security] Remove tode execution vulnerability when PHP uses dbase extension, see PMASA-2016-56
- issue [security] Denial-of-service attack by using for loops, see PMASA-2016-46
4.0.10.16 (2016-06-23)
- issue [security] User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14
- issue [security] Limit list of sites which can be passwd through url.php.
- issue [security] BBCode injection in setup script, see PMASA-2016-17
- issue [security] DOS attack vulnerability, see PMASA-2016-22
- issue [security] Multiple full path disclosure vulnerabilities, see PMASA-2016-26
- issue [security] XSS attack when checking database privileges, see PMASA-2016-21
- issue [security] XSS attack when MySQL server is using a specific payload log_bin directive, see PMASA-2016-26
- issue [security] XSS vulnerabilities in Transformation feature, PMASA-2016-28
4.0.10.15 (2016-02-29)
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-11.
4.0.10.14 (2016-01-29)
- issue #11891 Error with PMA 4.0.10.13 with PHP 5.2
4.0.10.13 (2016-01-28)
- issue [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
- issue [Security] Unsafe generation of CSRF token, see PMASA-2016-2
- issue [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
- issue [Security] Insecure password generation in JavaScript, see PMASA-2016-4
- issue [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
4.0.10.12 (2015-12-25)
- issue [Security] Path disclosure, see PMASA-2015-6
4.0.10.11 (2015-09-23)
- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
4.0.10.10 (2015-05-13)
- bug #4899 [security] CSRF vulnerability in setup
- bug #4900 [security] Vulnerability allowing Man-in-the-middle attack
4.0.10.9 (2015-03-04)
- bug [security] Risk of BREACH attack, see PMASA-2015-1
4.0.10.8 (2015-01-07)
- rfe #1588 recursive function too deep - operator change suggestion
- rfe #1589 support early versions of PHP5.2 (register_shutdown_function)
4.0.10.7 (2014-12-03)
- bug #4611 [security] DOS attack with long passwords
4.0.10.6 (2014-11-20)
- bug #4578 [security] XSS vulnerability in table print view
- bug #4579 [security] XSS vulnerability in zoom search page
- bug #4594 [security] Path traversal in file inclusion of GIS factory
- bug #4598 [security] XSS in multi submit
- bug #4597 [security] XSS through pma_fontsize cookie
4.0.10.5 (2014-10-21)
- bug #4562 [security] XSS in debug SQL output
- bug #4563 [security] XSS in monitor query analyzer
4.0.10.4 (2014-10-01)
- bug #4544 [security] XSS vulnerabilities in table search and table structure pages
4.0.10.3 (2014-09-13)
- bug #4530 [security] DOM based XSS that results to a CSRF that creates a
ROOT account in certain conditions
4.0.10.2 (2014-08-17)
- bug #4501 [security] XSS in table browse page
- bug #4502 [security] Self-XSS in enum value editor
- bug #4503 [security] Self-XSSes in monitor
- bug #4504 [security] Self-XSS in query charts
- bug #4517 [security] XSS in relation view
4.0.10.1 (2014-07-17)
- bug #4488 [security] XSS injection due to unescaped table name (triggers)
- bug #4492 [security] XSS in AJAX confirmation messages
4.0.10.0 (2013-12-04)
- bug #4150 Clicking database name in query window opens a new tab
- bug #4141 Wrong page is shown after editing; also, do not show a modal
dialog for multi-row edit
- bug #3939 PHP NavigationTree error when paging through list
- bug #4075 Support A10 Networks load balancer
- bug #4083 row deleting isn't binlogs friendly
- bug #4163 Setup script does not recognize manually-configured server
- bug #4158 Events page says no privileges with ALL PRIVILEGES
4.0.9.0 (2013-11-04)
- bug #4104 Can't edit updatable view when searching
- bug #4108 Missing refresh by deleting databases
- bug #3995 Drizzle server charset notice
- bug #3911 Filtering database names includes empty groupings
- bug #3678 Does not display or manipulate bit(64) fields appropriately
- bug #4129 Unneeded navi panel refresh
- bug #4120 SSL redirects to port 80
- bug #4144 DROP DATABASE displays wrong database name
- bug #4059 Running delete query asks for confirmation but says it was already executed
- bug #4147 Accessibility: Images without Alt nor title attribute
4.0.8.0 (2013-10-06)
- bug #3988 Rename view is not working
- bug #4041 Interaction between linkified fields and grid editing
- bug #3975 Table grouping isn't implemented properly
- bug #4060 Browser tries to remember wrong password when creating new user
- bug #4002 Edit Index on big table doesn't show "Loading" or any message
- bug #4098 Default table tab is ignored
- bug #4099 Server/library difference warning: setting is ignored
- bug #4100 table tree group strategy
- bug #4102 ALTER TABLE ORDER BY and InnoDB
- bug #4103 Tracking report: cannot delete a statement
- bug #3996 Drizzle navigation doesn't expand
- bug #4074 GIS column editor: point not displayed
- bug #4109 Drizzle tables in navigation are shown as views
- bug #4095 NUL symbols added to the end of database dump file
- bug #4105 More disappears in table Structure
- bug #3992 Multi-row edit doesn't clear values when checking NULL
4.0.7.0 (2013-09-23)
- bug #3993 Sorting in database overview with statistics doesn't work
- bug Handle the situation where PHP_SELF is not set
- bug #4080 Overwrite existing file not obeyed
- bug #3929 Database-specific privileges are not copied when cloning user
- bug #3997 Error handling in case MySQL extension is missing
- bug #4089 Moving Columns will alter column definition
- bug #4091 Insert ignore option does not work
- bug #4090 Downloading BLOB downloads page template
- bug #4092 Clicking on table name in view of information_schema redirects to wrong page
- bug #4079 Copy Table Add AUTO_INCREMENT value checkbox not working
- bug #4088 MySQL server version at index.php incorrect w/ controlhost
- bug #4001 Import error: Class 'ImportOds' not found
- bug #3986 Missing DROP VIEW button
4.0.6.0 (2013-09-05)
- bug #4036 Call to undefined function mb_detect_encoding (clarify the doc)
- bug Missing hints when changing a column's structure
- bug #4048 Cannot select foreign value in Search
- bug #4025 gzip export is not actually compressed with mod_deflate
- bug #4054 query analysis doesn't launch in status monitor
+ Add pmahomme icon credits (FamFamFam silk icon set)
- bug #4064 Table structure statistics "Space usage" caption too small for l10n
- bug #4051 Wrong tabindex when inserting rows
- bug #4066 varchar field not truncated in table browse mode
+ rfe #1435 Opening database should expand it in the navigation menu
- (performance) Removed ShowTooltip directive
- bug #4046 Exporting huge Tables causes memory-Problems
4.0.5.0 (2013-08-04)
- bug #3977 Not detected configuration storage
- bug #3970 Pressing enter in the filter field reloads page
- bug #3984 Cannot insert in this table (PHP < 5.4)
- bug #3989 Reloading privileges does not update the interface
- bug #3960 NavigationBarIconic config not honored
- bug #3985 Call to undefined function mb_detect_encoding
- bug #4007 Analyze option not shown for InnoDB tables
- bug #4015 Forcing a storage engine for configuration storage
- bug Incorrect Drizzle 7 detection
- bug #4019 Create database if not exists (export): add an option to the
interface to enable generating CREATE DATABASE and USE (false by default)
- bug #4012 Crash on CSV file import
- bug #4009 Statistic Monitor shows only last 3 digits in graph
- bug #3998 Non-permanent SQL history not working
- bug #3578 Transformations for text/plain on a BLOB column
- [security] Improved protection against cross framing, see PMASA-2013-10
+ Reinstated configuration directive: AllowThirdPartyFraming
4.0.4.2 (2013-07-28)
- [security] fix unescaped parameter, see PMASA-2013-8
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
- [security] Fix full path disclosure, see PMASA-2013-12
- [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
- [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11
- [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13
4.0.4.1 (2013-06-30)
- [security] Global variables scope injection vulnerability (see PMASA-2013-7)
4.0.4.0 (2013-06-17)
- bug #3959 Using DefaultTabDatabase in NavigationTree for Database Click
- bug #3961 Avoid Suhosin warning when in simulation mode
- bug #3897 Row Statistics and Space usage bugs
- bug #3966 Only display "table has no unique column" message when applicable
- bug #3965 Default language wrong with zh-TW
- bug #3921 Call to undefined function PMA_isSuperuser() if default server is
not set
- bug #3971 Ctrl/shift + click opens links in same window
- bug #3964 Import using https does not work
- bug Missing removeCRLF option in ExportCsv and ExportExcel plugins
- bug #3631 Drop not working Visio schema export.
- bug #3645 Better handling of invalid ODS documents
- bug #3976 Number of pages
- bug #3922 User privileges, database name unescaped
4.0.3.0 (2013-06-05)
- bug #3941 Recent tables list always empty
- bug #3933 Do not translate "Open Document" in export settings
- bug #3927 List of tables is missing after expanding in the navigation frame
- bug #3942 Warnings about reserved word for many non reserved words
- bug #3912 Exporting row selection, resulted by ORDER BY query
- bug #3957 Cookies must be enabled past this point
- bug #3956 "Browse foreign values" search filter / page selector not working
- bug #3579 NOW() function incorrectly selected (partial regression)
- [security] Javascript execution vulnerability in Create view,
reported by Maxim Rupp (see PMASA-2013-6)
4.0.2.0 (2013-05-24)
- bug #3902 Cannot browse when table name contains keyword "call"
+ center loading indicator for navigation refresh, related to bug #3920
- bug #3925 Table sorting in navigation panel is case-sensitive
- bug #3915 Import of CSV file (Replace table data with file) with duplicate values
- bug #3907 undefined variables, function parameter problems
- bug #3898 Structure not refreshed after column drop
- bug #3926 View is not updatable
- bug #3919 PropertiesIconic not honored
- bug #3930 Databases to choose for specific privileges show up escaped
- bug #3910 Export database with empty table as a php array, does not produce valid PHP
- bug #3936 Query profiler chart not loading from SQL Query page
- bug #3946 Missing CSV import option "Do not abort on INSERT error"
- bug #3943 Missing Operations>Table options>AUTO_INCREMENT
- bug Missing CREATE DATABASE statement when exporting at database level
- bug #3924 Show warning when CSV file does not contain data for all columns
- bug #3947 Missing Sql Query after modify structure
- bug #3948 Server export problems
- bug #3917 CountTables directive is deprecated
4.0.1.0 (2013-05-14)
- bug #3879 Import broken for CSV using LOAD DATA
- bug #3889 When login fails and error display is active, login data is displayed
- bug #3890 [import] Web server upload directory import fails
- bug #3891 [import] Server upload folder import file name missing in success message
+ rfe #1421 [auth] Add retry button on connection failure with config auth
- bug #3894 [interface] Provide feedback if no columns selected for multi-submit
- bug #3799 [interface] Incorrect select field change on ctrl key navigation in Firefox
- bug #3885 [browse] display_binary_as_hex option causes unexpected behavior
- bug #3899 Git commit links to Github missing
- bug #3900 CSP WARN in Firefox console
- bug #3901 Setup script warning for config auth (stored login data) shows link BBcode
- bug #3895 [browse] Fixed getting BLOB data
- bug #3905 [export] Custom Exporting exports all databases
- bug #3909 [import] Import of CSV FIle to selected table doesn't work
- bug #3904 Browsing an empty table should not display its Structure
- bug #3908 Calendar widget improperly redirects to home
- bug #3918 Greyed out tabs when there are no rows fixed
- bug #3916 [interface] Missing scrollbar (original theme)
+ [vendor] add tcpdf path to vendor_config.php
- bug fix compat with tcpdf >= 6.0 (tested with 6.0.012)
4.0.0.0 (2013-05-03)
+ Patch #3481047 for rfe #3480477 Insert as new row enhancement
+ Patch #3480999 Activate codemirror in the query window
- Patch #3495284 XML Import - fix message and redirect
+ rfe #3484063 Null checkbox behavior
+ Patch #3497179 Contest-5: Add user: Allow create DB w/same name + grant u_%
+ Patch #3498201 Contest-6: Export all privileges
+ Patch #3502814 for rfe #3187077 Change password buttons should match
+ rfe #3488640 Expand table-group in non-light navigation frame if only one
+ Patch #3509360 Contest-3: Option "Truncate table" before "insert"
+ Patch #3506552 Contest-2: Show index information in the data dictionary
+ Patch #3510656 Contest-1: Ignoring foreign keys while dropping tables
- Bug #3509686 Reverting sort on joined column does not work
+ New transformation: append string
+ rfe #3507804 Session upload progress (PHP 5.4)
+ rfe #3488185 draggable columns vs copy column name
+ Patch #3507001 Contest-4: Textarea for large character columns
+ Removed the PHP version of the ENUM editor
+ Patch #3507111 Display distinct results, linked to corresponding data rows
- bug #3507917 [export] JSON has unescaped values for allegedly numeric columns
+ rfe #3516187 show tables creation, last update, last check timestamps in db_structure
- bug #3059806 Supporting running from CIFS/Samba shares
- bug #3516341 [export] Open Document Text, Word and Texy! Text show table structure twice
- bug [export] Texy! Text: Columns containing Pipe Character don't export properly
+ [export] Show triggers in Open Document Text, Word and Texy! Text
- Patch #3415061 [auth] Login screen appears under the page
+ rfe #3517354 [interface] Allow disabling CodeMirror with $cfg['CodemirrorEnable'] = false
+ rfe #3475567 [interface] New directive $cfg['HideStructureActions']
- bug #3468272 [import] Fixed import of ODS with more paragraphs in a cell
- bug #3510196 [core] Improved redirecting with ForceSSL option
+ rfe #3518852 [edit] edit blob but not other binary, new option $cfg['ProtectBinary'] = 'noblob'
+ Hide language select box if there are no locales installed
+ Removed some directives: verbose_check, SuggestDBName, LightTabs,
VerboseMultiSubmit, ReplaceHelpImg
- Patch #3500882 Fixing checkbox behaviour while editing identical rows
+ rfe #3441722 [interface] Display description of datatypes
+ rfe #3517835 [structure] Move columns easily
+ Ajaxified "Create View" functionality
+ [import] New plugin: import mediawiki
+ New navigation system
+ Discontinued the use of a frame-based layout
+ rfe #3528994 [interface] Allow wrapping possibly long values in replication-status table
+ [interface] Autoselect username input on cookie login page
- bug #3563799 [interface] Grid editing destroying huge amount of data
+ [import] Remove support for the unactive docSQL import format
- bug #3577443 [edit] "Browse foreign values" does not show on ajax edit
+ rfe #3522109 [browse] Grid editing: action to trigger it (or disable)
- bug #3526598 [interface] SQL query not shown when creating table
+ Dropped configuration directive: AllowThirdPartyFraming
+ Dropped configuration directive: LeftFrameLight
+ Dropped configuration directive: DisplayDatabasesList
+ Dropped configuration directives: ShowTooltipAliasDB and ShowTooltipAliasTB
+ Dropped configuration directive: NaviDatabaseNameColor
+ Added configuration directive: MaxNavigationItems
+ Renamed configuration directive: LeftFrameDBTree => NavigationTreeEnableGrouping
+ Renamed configuration directive: LeftFrameDBSeparator => NavigationTreeDbSeparator
+ Renamed configuration directive: LeftFrameTableSeparator => NavigationTreeTableSeparator
+ Renamed configuration directive: LeftFrameTableLevel => NavigationTreeTableLevel
+ Renamed configuration directive: LeftPointerEnable => NavigationTreePointerEnable
+ Renamed configuration directive: LeftDefaultTabTable => NavigationTreeDefaultTabTable
+ Renamed configuration directive: LeftDisplayTableFilterMinimum => NavigationTreeDisplayTableFilterMinimum
+ Renamed configuration directive: LeftDisplayLogo => NavigationDisplayLogo
+ Renamed configuration directive: LeftLogoLink => NavigationLogoLink
+ Renamed configuration directive: LeftLogoLinkWindow => NavigationLogoLinkWindow
+ Renamed configuration directive: LeftDisplayServers => NavigationDisplayServers
+ Renamed configuration directive: LeftRecentTable => NumRecentTables
+ Renamed configuration directive: LeftDisplayDatabaseFilterMinimum => NavigationTreeDisplayDbFilterMinimum
+ Removed the "Mark row on click" feature; must now click the checkbox to mark
+ Removed the "Synchronize" feature
+ Improved layout of server variables page
+ rfe #1052091 [config] Double-underscores in PMA table names
+ Improved the "More" dropdown on the table structure page
+ [interface] Added "scroll to top" link in menubar
+ [designer] Fullscreen mode for the designer
+ Upgraded jquery to v1.8.3 and jquery-ui to v1.9.2
+ Patch #3597529 [status] Add raw value as title on server status page
+ Support MySQL 5.6 partitioning
+ Removed the AjaxEnable directive
+ rfe #3542567 Accept IPv6 ranges and IPv6 CIDR notations in $cfg['Servers'][$i]['AllowDeny']['rules']
- Bug #3576788 Grid editing shows the value before silent truncation
- Upgraded jqPlot to 1.0.4 r1121
- Upgraded to jquery-ui-timepicker-addon 1.1.1
+ rfe #3599046 [interface] Added comments for indexes
- Replaced qtip with jQuery UI tooltip
- Upgraded CodeMirror to 2.37
- bug #2951 [export] Correctly export decimal fields.
- bug #3762 [core] Make Advisor work on Windows withou COM extension.
- bug #3519 [export] Prevent infinite recursion in PDF export.
- bug #3827 Table specific privileges not displayed for db name containing
underscore
- rfe #1386 Add IF NOT EXISTS clause when copying database
- No longer package .travis.yml configuration file when creating a release.
- bug #3830 Can't export custom query because it lowercases table names
- bug #3829 Enabling query profiling crashes javascript based navigation
+ rfe #879 Reserved word warning
+ Remove the database ordering sub-feature of the only_db directive
- bug #3840 When exporting to gzip format, the data is compressed 2 times
+ rfe #1319 Permit to create index when creating foreign key
- bug #3703 Incorrect updating of the list of users
- bug #3853 Blowfish implementation might be broken (replace with phpseclib)
- bug #3865 Using like operator on each backslash needs 4 backslash protection
- bug #3860 Displayed git revision info is not set
- bug #3871 Check referential integrity broken across databases
- bug #3874 [export] No preselected option when exporting table
- bug #3873 Can't copy table to target database if table exists there
- bug #3683 Incorrect listing of records from to count
- bug #3876 [import] PHP 5.2 - unexpected T_PAAMAYIM_NEKUDOTAYIM
- [security] Local file inclusion vulnerability, reported by Janek Vind
(see PMASA-2013-4)
- [security] Global variables overwrite in export.php, reported by Janek Vind
(see PMASA-2013-5)
- bug #3892 [export] SQL Export files are empty
3.5.8.2 (2013-07-28)
- [security] Fix self-XSS in "Showing rows", see PMASA-2013-8
- [security] Fix self-XSS in Display chart, see PMASA-2013-9
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
+ [security] JSON content type header for version_check.php, see PMASA-2013-9
+ [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9
+ [security] Fix full path disclosure, see PMASA-2013-12
+ [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
+ [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11
3.5.8.1 (2013-04-24)
- [security] Remote code execution (preg_replace), reported by Janek Vind
(see PMASA-2013-2)
- [security] Locally Saved SQL Dump File Multiple File Extension Remote Code
Execution, reported by Janek Vind (see PMASA-2013-3)
3.5.8.0 (2013-04-08)
- bug #3828 MariaDB reported as MySQL
- bug #3854 Incorrect header for Safari 6.0
- bug #3705 Attempt to open trigger for edit gives NULL
- Use HTML5 DOCTYPE
- [security] Self-XSS on GIS visualisation page, reported by Janek Vind
- bug #3800 Incorrect keyhandler behaviour #2
3.5.7.0 (2013-02-15)
- bug #3779 [core] Problem with backslash in enum fields
- bug #3816 Missing server_processlist.php
- bug #3821 Safari: white page
- Correct detection of the Chrome browser
3.5.6.0 (2013-01-28)
- bug #3593604 [status] Erroneous advisor rule
- bug #3596070 [status] localStorage broken in server status monitor
- bug #3598736 [routines] Editing a procedure with special characters
- bug #3600322 [core] Visualize GIS data throws Fatal Error
- bug #3599362 [core] Double-escaped error message
- bug #3776 [cookies] Login without auth on second server
--- Older ChangeLogs can be found on our project website ---
https://www.phpmyadmin.net/old-stuff/ChangeLogs/
# vim: et ts=4 sw=4 sts=4
# vim: ft=changelog fenc=utf-8
# vim: fde=getline(v\:lnum-1)=~'^\\s*$'&&getline(v\:lnum)=~'\\S'?'>1'\:1&&v\:lnum>4&&getline(v\:lnum)!~'^#'
# vim: fdn=1 fdm=expr