Michal Čihař - Security work

Security work

As you can now see on phpMyAdmin's security page, we've managed to spend 9 security announcements on today's release. Hopefully it won't continue that badly for the rest of the year.

Anyway, receiving such an extensive report was really challenging for us - correctly tracking and fixing all reported issues, discovering which versions are affected. This proved to be quite difficult given that most of the affected code has been refactored in the meantime. But I'm quite happy we've managed to fix all issues on three supported branches in two weeks.

Another challenge (especially for Isaac) was that this all came with a change of our release manager, so forgive us some minor problems with the releases (especially the changelogs not being updated), we will do it better next time!

PS: Updated packages are on their way to Debian and phpMyAdmin PPA.

PS2: It seems we've messed up a few more things, so expect quick follow-up releases for older versions.

Comments

Julien wrote on Jan. 28, 2016, 12:43 p.m.

Hi,

This update breaks old versions of PMA:
https://github.com/phpmyadmin/phpmyadmin/issues/11891
https://github.com/phpmyadmin/phpmyadmin/issues/11892

Best regards,
Julien

wrote on Jan. 28, 2016, 2:58 p.m.

Sorry for that, seems our testsuite for those is not as complete as it should be...

Julien wrote on Jan. 28, 2016, 3:37 p.m.

No problem, we rolled back & wait.

hansen wrote on Jan. 29, 2016, 11:37 p.m.

Seems like they just fixed them a few hours ago with 4.5.4.1:
https://www.phpmyadmin.net/files/4.5.4.1/

By the way, thank you for all your work on this ppa!