You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
Security fixes:
Fix for a user potentially being able to disable their two factor authentication (PMASA-2022-1)
Add a new configuration directive $cfg['URLQueryEncryption'] to allow encrypting sensitive information in the URL to prevent disclosure. Thanks to Rich Grimes for suggesting this improvement
Add a new configuration directive $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding the full error message when a log on attempt fails, which can leak hostnames or IP addresses of the target database server. Thanks to Dr. Shuzhe Yang, Manager Security Governance at GLS IT Services for suggesting this improvement
Fixes for XSS and HTML injection attack in the graphical setup page (PMASA-2022-2)
Bug fixes
Revert a changed to $cfg['CharTextareaRows'] allow values less than 7
Fix encoding of enum and set values on edit value
Fixed possible "Undefined index: clause_is_unique" error
Fixed some situations where a user is logged out when working with more than one server
Fixed a problem with assigning privileges to a user using the multiselect list when the database name has an underscore
Enable cookie parameter "SameSite" when the PHP version is 7.3 or newer
Correctly handle the removal of "innodb_file_format" in MariaDB and MySQL
