Changelog for phpMyAdmin-4.9.11-1.9.noarch.rpm:
* Tue May 23 2023 chris@computersalat.de
- Update to 4.9.11 This is a security and bugfix release.
* Fix for boo#1208186 (CVE-2023-25727, PMASA-2023-1, CWE-661) XSS vulnerability in drag-and-drop upload - An XSS vulnerability has been discovered where an authenticated user can trigger an XSS attack by uploading a specially-crafted .sql file through the drag-and-drop interface.
* Wed Jul 13 2022 chris@computersalat.de
- Update to 4.9.10 This is a bugfix release to fix a recent regression. https://www.phpmyadmin.net/files/4.9.10/
* Sat Jan 22 2022 ecsos
- Update to 4.9.8 This is a security and bugfix release.
* Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661) Two factor authentication bypass
* Add a new configuration directive $cfg['URLQueryEncryption'] to allow encrypting sensitive information in the URL to prevent disclosure. Thanks to Rich Grimes for suggesting this improvement
* Add a new configuration directive $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding the full error message when a log on attempt fails, which can leak hostnames or IP addresses of the target database server.
* Thu Dec 10 2020 Arjen de Korte
- Use system apache rpm macros
* Fri Oct 16 2020 Andreas Stieger
- phpMyAdmin 4.9.7:
* Fix two factor authentication that was broken in 4.9.6
* Fix incompatibilities with older PHP versions
* Mon Oct 12 2020 ecsos
- Update to 4.9.6 This is a security release.
- Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to the transformation feature
- Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection vulnerability in SearchController
* Sun May 03 2020 chris@computersalat.de
- fix for boo#1170743 phpMyAdmin installation wipes its sysconfig apache_server_flag entry
* Sat May 02 2020 Arjen de Korte
- Don't expand @FQDN@ from /etc/HOSTNAME (this used to set $cfg['PmaAbsoluteUri'] parameter, but this variable is no longer in the config.sample.ini file)
* Thu Apr 23 2020 Dominique Leuenberger
- Drop python-devel BuildRequires: python2 is EOL and this seems unused.
- Drop xz BuildRequires: OBS takes care of unpacking the tarball.
* Mon Mar 23 2020 ecsos@opensuse.org
- Update to 4.9.5 This is a security release containing several bug fixes.
* CVE-2020-10804: SQL injection vulnerability in the user accounts page, particularly when changing a password (boo#1167335, PMASA-2020-2)
* CVE-2020-10802: SQL injection vulnerability relating to the search feature (boo#1167336, PMASA-2020-3)
* CVE-2020-10803: SQL injection and XSS having to do with displaying results (boo#1167337, PMASA-2020-4)
* Removing of the "options" field for the external transformation.