Author Topic: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !  (Read 12394 times)

0 Members and 1 Guest are viewing this topic.

Offline
**
Hi,

First of all i wish to congratulate all the programmers of both CWP (Centos Web Panel) and CWP (Centos Web Panel) PRO for the excellent work they do and for the excellent product they have created, truly excellent from all points of view.
Congratulations also for the new and beautiful official website of CWP and CWP PRO https://control-webpanel.com/

Having said that, i ask you to consider from your next CWP (Centos Web Panel) and CWP (Centos Web Panel) PRO release,
updating phpMyAdmin to the latest version of phpMyAdmin v4.9.2 which was released on 22 November, 2019.

If you use this command sh /scripts/mysql_phpmyadmin_update the result is that an obsolete version of phpMyAdmin is installed for CWP (Centos Web Panel) and CWP (Centos Web Panel) PRO which is phpMyAdmin v4.7.9 which was released on 05 March, 2018.

This is the official changelog link for phpMyAdmin v4.9.2: https://www.phpmyadmin.net/files/4.9.2/

Welcome to phpMyAdmin 4.9.2, a bugfix release that also contains a security fix.

This security fix is part of an ongoing effort to improve the security of the Designer feature.
There is also an improvement for how we sanitize Git version information shown on the home page, thanks to Ali Hubail.

This release includes fixes for many bugs, including:

- Fixes for the "Failed to set session cookie" error which relates to the cookie name. In some cases, data stored in the cookie (such as the previously-used user account) may not be loaded from a previous phpMyAdmin cookie the first time you run version 4.9.2
- Fix for Advisor with MySQL 8.0.3 and newer
- Fix PHP deprecation errors
- Fix a situation where exporting users after a delete query could remove users
- Fix incorrect "You do not have privileges to manipulate with the users!" warning
- Fix copying a database's privileges and several other problems moving columns with MariaDB
- Fix for phpMyAdmin not selecting all the values when using shift-click to select during Export

There are many, many more bug fixes thanks to the efforts of our developers and other contributors.

The phpMyAdmin team

This is the official changelog link for phpMyAdmin v4.9.1: https://www.phpmyadmin.net/files/4.9.1/

Welcome to phpMyAdmin 4.9.1, a bugfix release.

This is a regularly-schedule bugfix release that also includes some security hardening measures.

We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for this has been in our release queue to be part of this release, however it is the opinion of the team that the reported attack vector did not justify a separate release.

This release includes fixes for many bugs, including:

- Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 and newer
- Compatibility issues with PHP 8
- Export of GIS visualization
- Enhanced descriptions for several collation types
- Creating a user with a single quote in the password string
- Unexpected quotes during import and export on text fields
- Improvements to adding new tables to Designer
- Fix an issue where an authenticated user could trigger heavy traffic between the database server and web server
- Fix a weakness where an attacker, under certain conditions, working at the same time as an administrator is using the setup script, could delete a server from the setup script

There are many, many more bug fixes thanks to the efforts of our developers, Google Summer of Code applicants, and other contributors.

The phpMyAdmin team

This is the official changelog link for phpMyAdmin v4.9.0.1: https://www.phpmyadmin.net/files/4.9.0.1/

Welcome to phpMyAdmin 4.9.0.1, a bugfix release that includes important security fixes.

This release fixes two security vulnerabilities:

* PMASA-2019-3 is an SQL injection flaw in the Designer feature
* PMASA-2019-4 is a CSRF attack that's possible through the 'cookie' login form

Upgrading is highly recommended for all users. Using the 'http' auth_type instead of 'cookie' can mitigate the CSRF attack.

The solution for the CSRF attack does remove the former functionality to log in directly through URL parameters (as mentioned in FAQ 4.8, such as https://example.com/phpmyadmin/?pma_username=root&password=foo). Such behavior was discouraged and is now removed. Other query parameters work as expected; only pma_username and pma_password have been removed.

This release also includes fixes for many bugs, including:

- Several issues with SYSTEM VERSIONING tables
- Fixed json encode error in export
- Fixed JavaScript events not activating on input (sql bookmark issue)
- Show Designer combo boxes when adding a constraint
- Fix edit view
- Fixed invalid default value for bit field
- Fix several errors relating to GIS data types
- Fixed javascript error PMA_messages is not defined
- Fixed import XML data with leading zeros
- Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4)
- Fixed MySQL 8.0.0 issues with GIS display
- Fixed "Server charset" in "Database server" tab showing wrong information
- Fixed can not copy user on Percona Server 5.7
- Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems

There are many, many more bug fixes thanks to the efforts of our developers, Google Summer of Code applicants, and other contributors.

The phpMyAdmin team

This is the official changelog link for phpMyAdmin v4.9.0: https://www.phpmyadmin.net/files/4.9.0/

Welcome to phpMyAdmin 4.9.0, a bugfix release that includes important security fixes.

This release fixes two security vulnerabilities:

* PMASA-2019-3 is an SQL injection flaw in the Designer feature
* PMASA-2019-4 is a CSRF attack that's possible through the 'cookie' login form

Upgrading is highly recommended for all users. Using the 'http' auth_type instead of 'cookie' can mitigate the CSRF attack.

The solution for the CSRF attack does remove the former functionality to log in directly through URL parameters (as mentioned in FAQ 4.8, such as https://example.com/phpmyadmin/?pma_username=root&password=foo). Such behavior was discouraged and is now removed. Other query parameters work as expected; only pma_username and pma_password have been removed.

This release also includes fixes for many bugs, including:

- Several issues with SYSTEM VERSIONING tables
- Fixed json encode error in export
- Fixed JavaScript events not activating on input (sql bookmark issue)
- Show Designer combo boxes when adding a constraint
- Fix edit view
- Fixed invalid default value for bit field
- Fix several errors relating to GIS data types
- Fixed javascript error PMA_messages is not defined
- Fixed import XML data with leading zeros
- Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4)
- Fixed MySQL 8.0.0 issues with GIS display
- Fixed "Server charset" in "Database server" tab showing wrong information
- Fixed can not copy user on Percona Server 5.7
- Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems

There are many, many more bug fixes thanks to the efforts of our developers, Google Summer of Code applicants, and other contributors.

The phpMyAdmin team

This is the official changelog link for phpMyAdmin v4.8.5: https://www.phpmyadmin.net/files/4.8.5/

The phpMyAdmin team announces the release of phpMyAdmin version 4.8.5. Among other bug fixes, this contains several important security fixes. Upgrading is highly recommended for all users.

The security fixes involve:

  * Arbitrary file read vulnerability (https://www.phpmyadmin.net/security/PMASA-2019-1)
  * SQL injection in the Designer interface (https://www.phpmyadmin.net/security/PMASA-2019-2)

The arbitrary file read vulnerability could also be exploited to delete arbitrary files on the server. This attack requires that phpMyAdmin be run with the $cfg['AllowArbitraryServer'] directive set to true, which is not the default. An attacker must run a malicious server process that will masquerade as a MySQL server. This exploit has been found and fixed recently in several other related projects and appears to be caused by a bug in PHP (https://bugs.php.net/bug.php?id=77496).

In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

  * Export to SQL format not available
  * QR code not shown when adding two-factor authentication to a user account
  * Issue with adding a new user in MySQL 8.0.11 and newer
  * Frozen interface relating to Text_Plain_Sql plugin
  * Table level Operations tab was missing

And several more. Complete notes are in the ChangeLog file included with this release.

As always, downloads are available at https://www.phpmyadmin.net/downloads/

This is the official changelog link for phpMyAdmin v4.8.4: https://www.phpmyadmin.net/files/4.8.4/

The phpMyAdmin team announces the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes. Upgrading is highly recommended for all users.

The security fixes involve:

  * Local file inclusion (https://www.phpmyadmin.net/security/PMASA-2018-6/),
  * XSRF/CSRF vulnerabilities allowing a specially-crafted URL to perform harmful operations (https://www.phpmyadmin.net/security/PMASA-2018-7/), and
  * an XSS vulnerability in the navigation tree (https://www.phpmyadmin.net/security/PMASA-2018-8/)

In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

  * Issue with changing theme
  * Ensure that database names with a dot ('.') are handled properly when DisableIS is true
  * Fix for message "Error while copying database (pma__column_info)"
  * Move operation causes "SELECT * FROM `undefined`" error
  * When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged when $cfg['AuthLogSuccess'] was true
  * Multiple errors and regressions with Designer

And several more. Complete notes are in the ChangeLog file included with this release.

Note that for this release, we experimented with a pre-release announcement so that hosting providers and package managers would have an opportunity to prepare for the security release. If this was helpful to you or if you have feedback about this technique, please let us know through the public list developers@phpmyadmin.net or privately at security@phpmyadmin.net. We may or may not decide use this behavior in the future and your feedback will help us decide whether it's beneficial to the community.

As always, downloads are available at https://www.phpmyadmin.net/downloads/

This is the official changelog link for phpMyAdmin v4.8.3: https://www.phpmyadmin.net/files/4.8.3/

The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains a security fix for an issue that can be exploited when importing files.

A flaw was discovered with how warning messages are displayed while importing a file. This attack requires a specially-crafted file but can allow an attacker to trick the user in to executing a cross-site scripting (XSS) attack. We recommend updating immediately to mitigate this attack.

In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

* An error where a database is named 0
* Fix for NULL as default not being shown
* Fix for recent tables list
* Fix for slow performance with table filtering
* Two-factor authentication (2FA) fails if the GD PHP library is missing
* Event scheduler toggle does not work
* ERR_BLOCKED_BY_XSS_AUDITOR error when exporting a table
* PHP 7.3 warning: "continue" in "switch" is equal to "break"

And several more. Complete notes are in the ChangeLog file included with this release.

As always, downloads are available at https://www.phpmyadmin.net/downloads/

This is the official changelog link for phpMyAdmin v4.8.2: https://www.phpmyadmin.net/files/4.8.2/

The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains an important security update and it is highly recommended that all users upgrade immediately.

The urgent vulnerability allows an authenticated attacker to exploit a phpMyAdmin feature to show and potentially execute files on the server. PHP open_basedir restrictions mitigate the effect of this flaw. For further details, see the PMASA announcement .

A second flaw was also fixed allowing an attacker to use a specially crafted database name to trick a user in to executing a cross-site scripting (XSS) attack in the Designer feature .

In addition to the security fixes, this release also includes these bug fixes as part of our regular release cycle:

* WHERE 0 clause causes a fatal error
* Fix missing "INDEX" icon

Downloads are available at https://www.phpmyadmin.net/downloads/

This is the official changelog link for phpMyAdmin v4.8.1: https://www.phpmyadmin.net/files/4.8.1/

Welcome to phpMyAdmin 4.8.1, a bug fix release.

A complete list of changes and bugs fixed is available from the ChangeLog file or changelog.php included with this release.

A few highlights of bugs fixed include:

* Fix to the scrollbar functionality and Browse table CSS overflow
* Dropping indexes and keys fails
* Show two factor (2FA) secret code next to QR image
* Configuration for DefaultLang and Lang
* MariaDB 10.2 'current_timestamp()'
* Remember table sorting is broken

Known issues:

* Unable to log in with MySQL 8.0.11 (bug #14220, see also https://bugs.php.net/bug.php?id=76243)
* A few users have reported being unable to log in with a persistent error message
  "Failed to set session cookie. Maybe you are using HTTP instead of HTTPS". In some cases, clearing
  the phpMyAdmin cookies ('pma*') resolves the issue.

As always, downloads are available from https://www.phpmyadmin.net

The phpMyAdmin team

This is the official changelog link for phpMyAdmin v4.8.0.1: https://www.phpmyadmin.net/files/4.8.0.1/

Welcome to phpMyAdmin 4.8.0.1, which fixes a security flaw found in phpMyAdmin.

This version fixes a security flaw found in version 4.8.0 where an attacker can manipulate
a user in to following a specially-crafted link, allowing the attacker to execute arbitrary
SQL commands on the server. For more information, please see

We recommend that all users upgrade.

The phpMyAdmin Team

This is the official changelog link for phpMyAdmin v4.8.0: https://www.phpmyadmin.net/files/4.8.0/

Welcome to phpMyAdmin version 4.8.0. We are excited to bring you this updated version with many new features and bug fixes. There are no changes to system requirements.

A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.

Major changes include security enhancements such as removing the PHP eval() function and authentication logging, a mobile interface to improve the interface when used with tablets or mobile phones, and two-factor authentication options.

A few highlights of the changes include:

* Allow the removal of individual segments from pie charts
* Improved database search to allow matching the exact phrase
* phpMyAdmin no longer requires using the PHP eval() function
* The mbstring dependency is now optional
* Authentication logging using $cfg['AuthLog']
* Add support for Google's Invisible Captcha
* Improved handling of reCAPTCHA
* Fixes to the JavaScript editor for TIME values
* Improved the editor for the JSON data type
* Add "Format" button to the edit view form
* Implement mobile interface
* There are now configuration directives to set defaults for Transformation options
* Allow Designer to show tables from other databases
* Add support for authentication using U2F and 2FA
* Designer: fix broken "Add tables from other database"
* Fix double escaping of ENUM dropdown
* Restore SQL query after session expires
* Query builder: Fix for new column not being added
* Fix for blank login page
* Changes to the handling of arg_separator for AJAX requests; see issue #13940
* Structure tab: fix silent failure to create new indexes
* Fix improperly escaped HTML code on the database structure page
* Fix JavaScript errors when using Internet Explorer (in particular when editing rows)
* Fix for broken error report
* Fix failed import
* Fix for "Cannot read property sql_query of undefined" errors

Much of this work is thanks to the hard work of our Google Summer of Code 2017 students.

Additionally, there have been continuous improvements to many of the translations. If you don't see your language or find a problem, you can contribute too; see  for details.

As always, downloads are available at https://www.phpmyadmin.net

Thanks to our sponsors for helping to make this work possible!

The phpMyAdmin Team

I know you are always very busy developing CWP but i hope you can consider this suggestion of mine which i believe would be appreciated by all users of CWP (Centos Web Panel) and CWP (Centos Web Panel) PRO !

Thanks in advance for the support.


« Stay hungry, stay foolish. »

Offline
*
Re: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !
« Reply #1 on: December 12, 2019, 12:02:20 PM »
you can update it by yourself but with newer versions  autologin will not work and that is the main reason cwp is still using an older version.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !
« Reply #2 on: December 12, 2019, 01:12:06 PM »
you can update it by yourself but with newer versions  autologin will not work and that is the main reason cwp is still using an older version.

you know almost 1 year with same issue :\

Offline
*
Re: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !
« Reply #3 on: December 17, 2019, 02:43:07 AM »
Autologin works fine with version 4.7.9 but not with 4.9.2

Offline
**
Re: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !
« Reply #4 on: December 17, 2019, 03:07:31 PM »
you can update it by yourself but with newer versions  autologin will not work and that is the main reason cwp is still using an older version.

Hi "studio4host" and thanks for the support.


« Stay hungry, stay foolish. »

Offline
**
Re: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !
« Reply #5 on: December 17, 2019, 03:11:23 PM »
PROBLEM SOLVED

Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP (Centos Web Panel) and CWP PRO (Centos Web Panel Pro) !

Hi, i discovered a great website https://www.mysterydata.com/ with a great administrator where you can find many guides for CWP and more, also by registering for free on the forum i found the solution to this problem thanks to the courtesy and extreme availability of the administrator.

SOLUTION:

Forum topic with solution at MysteryData.com :

https://forum.mysterydata.com/topic/12/how-to-update-phpmyadmin-v4-7-9-outdated-version-to-the-latest-phpmyadmin-v4-9-2-for-cwp-and-cwp-pro-for-centos-7

Guide with solution at MysteryData.com :

https://www.mysterydata.com/how-to-update-phpmyadmin-latest-version-on-cwp-centos-webpanel/

Good day and good work to all !

NOTE:

At the moment with CWP (Centos Web Panel) and CWP PRO (Centos Web Panel Pro) for Centos 7 the autologin function ONLY WORK with the phpMyAdmin v4.7.9 outdated version released on 05 March, 2018.

With this update to phpMyAdmin v4.9.2 which was released on 22 November, 2019 at the moment the autologin function NOT WORK with CWP (Centos Web Panel) and CWP PRO (Centos Web Panel Pro) for Centos 7
« Last Edit: December 17, 2019, 03:21:05 PM by Automata »


« Stay hungry, stay foolish. »

Offline
*
Re: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !
« Reply #6 on: December 19, 2019, 04:11:43 AM »
I’ve updated phpMyAdmin a number of times. Seems to revert to the integrated version within a day. Any idea what process is doing this and how to stop it? Thanks!

I’m on CWP Pro.

Offline
**
Re: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !
« Reply #7 on: December 28, 2019, 12:25:26 AM »
I’ve updated phpMyAdmin a number of times. Seems to revert to the integrated version within a day. Any idea what process is doing this and how to stop it? Thanks!

I’m on CWP Pro.

 :) Hi "brianjd",

I have the same problem !!!

I have discovered a great website https://www.mysterydata.com/ with a great Administrator with courtesy and extreme availability where you can find many guides for CWP (Centos Web Panel) and CWP PRO (Centos Web Panel Pro) for Centos 7 ! and more.

Also by registering for free on the official MysteryData.com forum https://forum.mysterydata.com/ you can also ask for help to solve this problem or to have help in general also and not only with regard to CWP (Centos Web Panel) and CWP PRO (Centos Web Panel Pro) for Centos 7 !

I have opened a topic for this problem on official MysteryData.com forum at this link:

https://forum.mysterydata.com/topic/12/how-to-update-phpmyadmin-v4-7-9-outdated-version-to-the-latest-phpmyadmin-v4-9-2-for-cwp-and-cwp-pro-for-centos-7/14

Feel free to participate in this discussion.

Bye, good day and good work for you !


« Stay hungry, stay foolish. »

Offline
**
Re: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !
« Reply #8 on: December 28, 2019, 12:28:30 AM »
you can update it by yourself but with newer versions  autologin will not work and that is the main reason cwp is still using an older version.

Hi "studio4host",

I made the update from phpMyAdmin v4.7.9 to phpMyAdmin v4.9.2 but at the moment CWP PRO (Centos Web Panel Pro) for Centos 7 has reported it automatically and by itself to the phpMyAdmin v4.7.9 !

Please help me to solve this problem.

Thanks in advance for the support.


« Stay hungry, stay foolish. »

Offline
**
Re: Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP and CWP PRO !
« Reply #9 on: December 28, 2019, 12:35:30 AM »
you can update it by yourself but with newer versions  autologin will not work and that is the main reason cwp is still using an older version.

Hi "studio4host",

You have a time frame within which you will release the update from phpMyAdmin v4.7.9 very very old and outdated version which was released on 05 March, 2018, over 21 months ago, to the last and stable phpMyAdmin v4.9.3 which was released on 26 December, 2019 ?

This is the official changelog link for phpMyAdmin v4.9.3: https://www.phpmyadmin.net/files/4.9.3/

Welcome to phpMyAdmin 4.9.3, a routine bugfix release.

This is planned as the final bugfix release of phpMyAdmin version 4. Version 4 works with PHP versions 5.5 through (at least) 7.4,
and MySQL versions 5.5 and newer (and the corresponding MariaDB versions). Version 5 will require PHP 7.1 or newer, but
we plan to maintain security fixes for version 4 as part of our LTS program. For end of life details and supported
versions, please see the "Supported versions" grid at .

This release includes fixes for many bugs, including:

- Several PHP notices and warnings including "Undefined index table_create_time,"
  a notice about error_reporting() being disabled for security reasons, and several Undefined Index errors.
- Support CloudFront-Forwarded-Proto header for Amazon CloudFront proxy
- Early compatibility with development versions of PHP 8
- Fix replication actions (start, stop, etc)

There are many, many more bug fixes thanks to the efforts of our developers and other contributors.
For full details, you can see the ChangeLog file included with this release.

The phpMyAdmin team.

Thanks in advance for the support.
« Last Edit: December 28, 2019, 12:51:31 AM by Automata »


« Stay hungry, stay foolish. »