mirror of
https://github.com/cytopia/devilbox.git
synced 2024-12-25 23:41:04 +00:00
303 lines
18 KiB
Plaintext
303 lines
18 KiB
Plaintext
|
phpMyAdmin - ChangeLog
|
||
|
|
======================
|
||
|
|
|
||
|
|
4.6.4 (2016-08-16)
|
||
|
|
- issue [security] Weaknesses with cookie encryption, see PMASA-2016-29
|
||
|
|
- issue [security] Improve session cookie code for openid.php and signon.php example files
|
||
|
|
- issue [security] Full path disclosure in openid.php and signon.php example files
|
||
|
|
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-30
|
||
|
|
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-31
|
||
|
|
- issue [security] Unsafe generation of BlowfishSecret (when not supplied by the user)
|
||
|
|
- issue [security] Referrer leak when phpinfo is enabled
|
||
|
|
- issue [security] PHP code injection, see PMASA-2016-32
|
||
|
|
- issue [security] Full path disclosure, see PMASA-2016-33
|
||
|
|
- issue [security] SQL injection attack, see PMASA-2016-34
|
||
|
|
- issue [security] Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35
|
||
|
|
- issue [security] Local file exposure through symlinks with UploadDir, see PMASA-2016-36
|
||
|
|
- issue [security] Path traversal with SaveDir and UploadDir, see PMASA-2016-37
|
||
|
|
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-38
|
||
|
|
- issue [security] SQL injection vulnerability as control user, see PMASA-2016-39
|
||
|
|
- issue [security] SQL injection vulnerability, see PMASA-2016-40
|
||
|
|
- issue [security] Denial-of-service attack through transformation feature, see PMASA-2016-41
|
||
|
|
- issue [security] SQL injection vulnerability as control user, see PMASA-2016-42
|
||
|
|
- issue [security] Verify data before unserializing, see PMASA-2016-43
|
||
|
|
- issue [security] Use HTTPS for wiki links
|
||
|
|
- issue Remove Swekey support
|
||
|
|
- issue [security] SSRF in setup script, see PMASA-2016-44
|
||
|
|
- issue [security] Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections, see PMASA-2016-45
|
||
|
|
- issue [security] Improve SSL certificate handling
|
||
|
|
- issue [security] Fix full path disclosure in debugging code
|
||
|
|
- issue [security] Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47
|
||
|
|
- issue [security] Detect if user is logged in, see PMASA-2016-48
|
||
|
|
- issue [security] Bypass URL redirection protection, see PMASA-2016-49
|
||
|
|
- issue [security] Referrer leak, see PMASA-2016-50
|
||
|
|
- issue [security] Reflected File Download, see PMASA-2016-51
|
||
|
|
- issue [security] ArbitraryServerRegexp bypass, see PMASA-2016-52
|
||
|
|
- issue [security] Denial-of-service attack by entering long password, see PMASA-2016-53
|
||
|
|
- issue [security] Remote code execution vulnerability when running as CGI, see PMASA-2016-054
|
||
|
|
- issue [security] Administrators could trigger SQL injection attack against users
|
||
|
|
- issue [security] Denial-of-service attack when PHP uses dbase extension, see PMASA-2016-55
|
||
|
|
- issue [security] Remove tode execution vulnerability when PHP uses dbase extension, see PMASA-2016-56
|
||
|
|
- issue [security] Denial-of-service attack by using for loops, see PMASA-2016-46
|
||
|
|
- issue Include X-Robots-Tag header in responses
|
||
|
|
- issue Enforce numeric field length when creating table
|
||
|
|
- issue Fixed invalid Content-Length in some HTTP responses
|
||
|
|
- issue #12394 Create view should require a view name
|
||
|
|
- issue #12391 Message with 'Change password successfully' displayed, but does not take effect
|
||
|
|
- issue Tighten control on PHP sessions and session cookies
|
||
|
|
- issue #12409 Re-enable overhead on server databases view
|
||
|
|
- issue #12414 Fixed rendering of Original theme
|
||
|
|
- issue #12413 Fixed deleting users in non English locales
|
||
|
|
- issue #12416 Fixed replication status output in Databases listing
|
||
|
|
- issue #12303 Avoid typecasting to float when not needed
|
||
|
|
- issue #12425 Duplicate message variable names in messages.inc.php
|
||
|
|
- issue #12399 Adding index to table shows wrong top navigation
|
||
|
|
- issue #12424 Fixed password change on MariaDB without auth plugin
|
||
|
|
- issue #12339 Do not error on unset server port
|
||
|
|
- issue #12422 Improvements to the original theme
|
||
|
|
- issue #12395 Do not try to load old transformation plugins
|
||
|
|
- issue #12423 Fixed replication status in database listing
|
||
|
|
- issue #12433 Copy table with prefix does not copy the indexes
|
||
|
|
- issue #12375 Search in database: Window content is not scrolling down when clicking first time on Browse link
|
||
|
|
- issue #12346 SQL Editor textareas can have their size increased from the top, distorting the page view
|
||
|
|
|
||
|
|
4.6.3 (2016-06-23)
|
||
|
|
- issue #12249 Fixed cookie path on Windows
|
||
|
|
- issue #12279 Fixed error reporting on connect problems
|
||
|
|
- issue #12290 Fixed export of tables without explicitly set engine
|
||
|
|
- issue #12285 Designer JavaScript error: Show/Hide tables list
|
||
|
|
- issue #12293 Fix MySQL SSL connection with some PHP versions
|
||
|
|
- issue #12279 Fix MySQL connection error on version mismatch
|
||
|
|
- issue #12281 Keep user attributes (privileges, authentication mode, etc) when copying a user
|
||
|
|
- issue #12308 Fix division by zero in case of misconfigured MySQL server
|
||
|
|
- issue #12317 Fix editing server variables
|
||
|
|
- issue #12303 Fix table size calculation in some circumstances
|
||
|
|
- issue #12310 Fix listing routines for non privileged user
|
||
|
|
- issue Escape generated query in exporting a database
|
||
|
|
- issue Setup script doesn't use input type 'password' in all relevant locations
|
||
|
|
- issue [security] BBCode injection in setup script, see PMASA-2016-17
|
||
|
|
- issue [security] Cookie attribute injection attack, see PMASA-2016-18
|
||
|
|
- issue Redirect loop when directly calling url.php
|
||
|
|
- issue [security] SQL injection attack, see PMASA-2016-19
|
||
|
|
- issue [security] XSS attack in Table Structure page, see PMASA-2016-20
|
||
|
|
- issue [security] XSS attack in Server Privileges page, see PMASA-2016-21
|
||
|
|
- issue [security] DOS attack vulnerability, see PMASA-2016-22
|
||
|
|
- issue [security] Multiple full path disclosure vulnerabilities, see PMASA-2016-23
|
||
|
|
- issue [security] Full path disclosure when running in debug mode
|
||
|
|
- issue [security] XSS attack with partition range and table structure, see PMASA-2016-25
|
||
|
|
- issue [security] XSS attack when checking database privileges, see PMASA-2016-26
|
||
|
|
- issue [security] XSS attack when MySQL server is using a specific payload log_bin directive, see PMASA-2016-26
|
||
|
|
- issue [security] XSS vulnerabilities in Transformation feature, see PMASA-2016-26
|
||
|
|
|
||
|
|
4.6.2 (2016-05-25)
|
||
|
|
- issue [security] User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14
|
||
|
|
- issue [security] Self XSS vulneratbility, see PMASA-2016-16
|
||
|
|
- issue #12225 Use https for documentation links
|
||
|
|
- issue #12234 Fix schema export with too many tables
|
||
|
|
- issue #12240 Avoid parsing non JSON responses as JSON
|
||
|
|
- issue #12244 Avoid using too log URLs when getting javascripts
|
||
|
|
- issue #12118 Fixed setting mixed case languages
|
||
|
|
- issue #12229 Avoid storing objects in session when debugging SQL
|
||
|
|
- issue #12249 Fix cookie path on IIS
|
||
|
|
- issue #11705 Fix occassional 200 errors on Windows
|
||
|
|
- issue #12219 Fix locking issues when importing SQL
|
||
|
|
- issue #12231 Avoid confusing warning when mysql extension is missing
|
||
|
|
- issue Improve handling of logout
|
||
|
|
- issue Safer handling of sessions during authentication
|
||
|
|
- issue #12209 Fix server selection on main page
|
||
|
|
- issue #12192 Avoid storing full error data in session
|
||
|
|
- issue #12082 Fixed export of ARCHIVE tables with keys
|
||
|
|
- issue #11565 Add session reload for config authentication
|
||
|
|
- issue #12229 Do not fail on errors stored in session
|
||
|
|
- issue #12248 Fix loading of APC based upload progress bar
|
||
|
|
|
||
|
|
4.6.1 (2016-05-02)
|
||
|
|
- issue #12120 PMA_Util not found in insert_edit.lib.php
|
||
|
|
- issue #12118 Fixed activation of some languages
|
||
|
|
- issue #12121 Fixed error in 3NF step of normalization
|
||
|
|
- issue #12135 Fix offering JSON datatype in incompatible MySQL versions
|
||
|
|
- issue #12132 Can not open table with JSON field
|
||
|
|
- issue #12125 Cannot highlight a column if I scroll down from the top of the table
|
||
|
|
- issue #12154 Fixed possible PHP error in SQL parser
|
||
|
|
- issue #12029 Fixed SQL quoting in SQL export
|
||
|
|
- issue #12129 Improve performance of database structure page
|
||
|
|
- issue #12159 Fix PHP error if user did unpack new version over old one
|
||
|
|
- issue #12165 Fix parsing of expression 0
|
||
|
|
- issue #12146 Document setup with Google Cloud SQL
|
||
|
|
- issue #12197 Fix parsing of queries with double \
|
||
|
|
- issue #12202 Fixed setting of language from user configuration
|
||
|
|
- issue #12200 Fixed check for ndb version
|
||
|
|
- issue #12206 Fixed loading of configuration file
|
||
|
|
- issue #12204 Check if sessions are working and report failures
|
||
|
|
- issue #12211 non-clickable initial letter for users / and can't modify users with MySQL 5.7.12
|
||
|
|
- issue #12215 Fixed config tab persistence errors
|
||
|
|
- issue #12217 Fixed javascript erros on user creation
|
||
|
|
- issue #12144 Fixed parsing of some AS clauses
|
||
|
|
- issue #12205 Fixed parsing of FULL OUTER JOIN queries
|
||
|
|
- issue #12171 Fixed editing of VIEW structure
|
||
|
|
- issue #12208 Avoid printing executed queries on import
|
||
|
|
|
||
|
|
4.6.0.0 (2016-03-22)
|
||
|
|
+ issue #11456 Disabled storage engines
|
||
|
|
+ issue #11479 Allow setting routine wise privileges
|
||
|
|
- issue Hide Insert tab for non-updatable views
|
||
|
|
+ issue #11490 UI for defining partitioning in create table window
|
||
|
|
+ issue #11438 Support JSON data type
|
||
|
|
+ issue Editing partitions in table Structure
|
||
|
|
- issue Tracking does not make sense for information_schema
|
||
|
|
- issue #11550 Regression in Find and replace
|
||
|
|
+ issue #11619 TokuDB Tables Show Size as "unknown"
|
||
|
|
+ issue #11654 Use a slider for Internal relations
|
||
|
|
+ issue #11641 Ability to disable the navigationhiding Feature
|
||
|
|
- issue #11647 Restrict configuration NavigationTreeDbSeparator to strings
|
||
|
|
- issue #11667 Disable the tooltip in the navigation panel's filter box
|
||
|
|
+ issue Copy results to clipboard
|
||
|
|
+ issue #11504 Reactivate cut&paste possibility in print view
|
||
|
|
- issue #11702 Extraneous message after edit + grid-edit
|
||
|
|
- issue #11668 Table header is empty with browsing an empty table
|
||
|
|
+ issue #11701 Allow changing parameter order of routines
|
||
|
|
- issue #11708 Remove no password warning
|
||
|
|
+ issue #11711 Clarify the meaning of "Stand-in structure for view" in SQL export
|
||
|
|
- issue HTML line break shown after a MySQL connection error message
|
||
|
|
- issue #11728 CSV import skip row count after
|
||
|
|
- issue Fixed displaying of SQL query on table operations
|
||
|
|
- issue #6321 Display binary strings as text if they are valid UTF-8
|
||
|
|
+ issue #11743 Display routine specific privileges
|
||
|
|
+ issue #11538 Copy multiple tables to database
|
||
|
|
+ issue Support Cloudflare Flexible SSL
|
||
|
|
- issue Handle empty TABLE_COMMENT
|
||
|
|
+ issue #11833 Drop support for old Internet Explorer versions
|
||
|
|
+ issue #11796 Use modals for displaying forms in db structure page
|
||
|
|
+ issue #11789 Show MySQL error messages in user language
|
||
|
|
+ issue Add 'ssl_verify' configuration directive for self-signed certificates with mysqlnd and PHP >= 5.6
|
||
|
|
+ issue #11874 Show more used PHP extensions
|
||
|
|
- issue #11874 Report when version check and error reporting are disabled
|
||
|
|
- issue #11849 Fix PDF schema export
|
||
|
|
- issue #11412 Remove ForceSSL configuration directive
|
||
|
|
- issue Remove support for Mozilla Prism
|
||
|
|
- issue #11412 Remove PmaAbsoluteUri configuration directive
|
||
|
|
- issue #11914 Fix autoloading of phpseclib
|
||
|
|
- issue #11880 Fixed rendering of missing extension error
|
||
|
|
- issue #11923 Errors on Structure tab when user only has select access on certain columns
|
||
|
|
- issue #11972 Missing documentation for $cfg['Servers'][$i]['favorite'] and $cfg['NumFavoriteTables']
|
||
|
|
- issue #11907 Avoid displaying UPDATE query twice
|
||
|
|
- issue #11850 Fixed CSV import
|
||
|
|
- issue Fix SQL syntax highlighting in database search page
|
||
|
|
- issue #12056 Fix error when we can not generate random string
|
||
|
|
- issue #12055 Fixed PHP syntax error in templates
|
||
|
|
- issue #12054 Fixed processing of queries with escaped quotes
|
||
|
|
- issue #12041 Fixed exporting tables with fields DEFAULT and COMMENT
|
||
|
|
- issue #12073 Hide edit and delete buttons when the results are not related to a table
|
||
|
|
- issue #12083 Fixed parsing of field definition
|
||
|
|
- issue #12081 Fixed rendering of table stats
|
||
|
|
- issue #11705 Fixed problems with PHP on Windows on table structure
|
||
|
|
- issue #12085 Like search strings being escaped incorrectly
|
||
|
|
- issue #12092 Rename exported databases/tables doesn't seem to work
|
||
|
|
- issue #12099 Undefined index: controllink
|
||
|
|
- issue #12094 PHP Fatal error: Call to undefined function __()
|
||
|
|
- issue #12098 Fix login after logout with http authentication
|
||
|
|
- issue #12074 Fixed possible invalid SQL export
|
||
|
|
- issue #12026 Fixed parsing of UNION SELECT with brackets
|
||
|
|
- issue #12109 Fixed parsing of CREATE TABLE [AS] SELECT
|
||
|
|
- issue #12105 Multi-server drap-and-drop import always fails
|
||
|
|
- issue #12116 Fulltext indexes are not copied when using copy database function
|
||
|
|
|
||
|
|
4.5.5.1 (2016-02-29)
|
||
|
|
- issue #11971 CREATE UNIQUE INDEX index type is not recognized by parser.
|
||
|
|
- issue #11982 Row count wrong when grouping joined tables.
|
||
|
|
- issue #12012 Column definition with default value and comment in CREATE TABLE expoerted faulty.
|
||
|
|
- issue #12020 New statement but no delimiter and unexpected token with REPLACE.
|
||
|
|
- issue #12029 Fixed incorrect usage of SQL parser context in SQL export
|
||
|
|
- issue [security] XSS vulnerability in SQL parser, see PMASA-2016-10.
|
||
|
|
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-11.
|
||
|
|
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-12.
|
||
|
|
- issue [security] Vulnerability allowing man-in-the-middle attack on API call to GitHub, see PMASA-2016-13.
|
||
|
|
- issue #12048 Fixed inclusion of gettext library from SQL parser
|
||
|
|
|
||
|
|
4.5.5.0 (2016-02-22)
|
||
|
|
- issue Undefined index: is_ajax_request
|
||
|
|
- issue #11855 Fix password change on MariaDB 10.1 and newer
|
||
|
|
- issue #11874 Validate version information before further processing it
|
||
|
|
- issue #11881 Full processlist lost on refresh
|
||
|
|
- issue #11834 Adjust privileges fails if database name contains underscores
|
||
|
|
- issue #11906 'Loading...' banner shows on login screen
|
||
|
|
- issue #11930 Fixed changing of table parameters, eg. AUTO_INCREMENT
|
||
|
|
- issue #11885 Call to undefined function SqlParser\ctype_alnum()
|
||
|
|
- issue #11879 4.5.3.1 - NOW() function not recognized by parser
|
||
|
|
- issue #11867 Gracefully handle the DESC statement
|
||
|
|
- issue #11843 Fractional timestamp causes corrupted SQL export
|
||
|
|
- issue #11836 Static analysis error for valid WHERE condition with IF keyword
|
||
|
|
- issue #11800 Syntax Verifier error using REGEXP in SQL statement
|
||
|
|
- issue #11799 Backslashes in comments are being interpreted as escape characters
|
||
|
|
- issue #11909 Can't insert row into table that contains generated column
|
||
|
|
- issue #11677 sql-parser and php-gettext collide.
|
||
|
|
- issue #11920 Can't disable backquotes in export
|
||
|
|
- issue #11911 Inserts via tbl_change.php in VARBINARY columns does not allow using HEX() and MD5()
|
||
|
|
- issue #11939 Correct content type for uploaded error reports
|
||
|
|
- issue #11940 Silent errors from checking local documentation
|
||
|
|
- issue #11944 Fixed error on servers with disabled php_uname
|
||
|
|
- issue #11946 Correctly store and report file upload errors
|
||
|
|
- issue #11948 Avoid javascript errors on invalid location hash
|
||
|
|
- issue #11950 Fix PHP warning on configuration errors
|
||
|
|
- issue #11951 Silent errors on checking for writable folders
|
||
|
|
- issue #11952 Silent warning on invalid file upload
|
||
|
|
- issue #11953 Do not fail getting filename with open_basedir limitations
|
||
|
|
- issue #11956 unrecognized keyword interval
|
||
|
|
- issue Field names and aliases are being correctly parsed now.
|
||
|
|
- issue #11959 Fix javascript error in setup
|
||
|
|
- issue #11964 Undefined index: TABLE_COMMENT in database structure page
|
||
|
|
- issue #11967 Fix PHP error on loading invalid XML or ODS file
|
||
|
|
- issue #11969 Missing confirmation while dropping a view in view_operations.php
|
||
|
|
- issue #11968 Fix export of index comments in SQL
|
||
|
|
- issue #11979 DECLARE not accepted as valid SQL
|
||
|
|
|
||
|
|
4.5.4.1 (2016-01-29)
|
||
|
|
- issue #11892 Error with PMA 4.4.15.3
|
||
|
|
- issue #11896 Remove hard dependency on phpseclib
|
||
|
|
|
||
|
|
4.5.4.0 (2016-01-28)
|
||
|
|
- issue #11724 live data edit of big sets is not working
|
||
|
|
- issue Table list not saved in db QBE bookmarked search
|
||
|
|
- issue #11777 While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword
|
||
|
|
- issue #11783 Avoid syntax error in javascript messages on invalid PHP setting for max_input_vars
|
||
|
|
- issue #11784 Properly handle errors in upacking zip archive
|
||
|
|
- issue #11785 Set PHP's internal encoding to UTF-8
|
||
|
|
- issue #11786 Fixed Kanji encoding in some specific cases
|
||
|
|
- issue #11787 Check whether iconv works before using it
|
||
|
|
- issue #11788 Avoid conversion of MySQL error messages
|
||
|
|
- issue #11792 Undefined index: parameters
|
||
|
|
- issue #11802 Undefined index: field_name_orig
|
||
|
|
- issue Undefined index: host
|
||
|
|
- issue #11810 'Add to central columns' (per column button) does nothing
|
||
|
|
- issue #11727 SQL duplicate entry error trying to INSERT in designer_settings table
|
||
|
|
- issue #11798 Fix handling of databases with dot in a name
|
||
|
|
- issue #11820 Fix hiding of page content behind menu
|
||
|
|
- issue #11780 FROM clause not generated after loading search bookmark
|
||
|
|
- issue #11826 Fix creating/editing VIEW with DEFINER containing special chars
|
||
|
|
- issue #11828 Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables
|
||
|
|
- issue #11804 Misleading message for configuration storage
|
||
|
|
- issue #11772 Table pagination does nothing when session expired
|
||
|
|
- issue #11840 Index comments not working properly
|
||
|
|
- issue #11791 Better handle local storage errors
|
||
|
|
- issue #11752 Improve detection of privileges for privilege adjusting
|
||
|
|
- issue #11854 Undefined property: stdClass::$releases at version check when disabled in config
|
||
|
|
- issue #11814 SQL comment and variable stripped from bookmark on save
|
||
|
|
- issue Gracefully handle errors in regex based javascript search
|
||
|
|
- issue [security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
|
||
|
|
- issue [security] Unsafe generation of CSRF token, see PMASA-2016-2
|
||
|
|
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-3
|
||
|
|
- issue [security] Insecure password generation in JavaScript, see PMASA-2016-4
|
||
|
|
- issue [security] Unsafe comparison of CSRF token, see PMASA-2016-5
|
||
|
|
- issue [security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
|
||
|
|
- issue [security] XSS vulnerability in normalization page, see PMASA-2016-7
|
||
|
|
- issue [security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
|
||
|
|
- issue [security] XSS vulnerability in SQL editor, see PMASA-2016-9
|
||
|
|
|
||
|
|
--- Older ChangeLogs can be found on our project website ---
|
||
|
|
https://www.phpmyadmin.net/old-stuff/ChangeLogs/
|
||
|
|
|
||
|
|
# vim: et ts=4 sw=4 sts=4
|
||
|
|
# vim: ft=changelog fenc=utf-8
|
||
|
|
# vim: fde=getline(v\:lnum-1)=~'^\\s*$'&&getline(v\:lnum)=~'\\S'?'>1'\:1&&v\:lnum>4&&getline(v\:lnum)!~'^#'
|
||
|
|
# vim: fdn=1 fdm=expr
|