Tonight phpMyAdmin 4.0.10.17, 4.4.15.8, and 4.6.4 were released, and you can probably see that quite a few security issues were fixed. Most of them are not really exploitable unless your PHP and web server are poorly configured, but it's still a good idea to upgrade.
If you are running Debian unstable, use our phpMyAdmin PPA for Ubuntu, or use the phpMyAdmin Docker image, upgrading should be as simple as pulling the new version.
Besides fixing security issues, we're generally hardening our infrastructure. I'm really grateful that Emanuel Bronshtein (@e3amn2l) is doing a great review of all of our code and helping us in this area. This will really make our code and infrastructure much better.
Handled issues:
- #12448 Avoid using Short-Keys in GPG
- #12446 Not listing 4th column in table 'dos'
- #43 Verify downloaded sources
- #46 Specify version in variable
- #38 Cannot change configuration options
- #41 PMA DB/Configuration Storage Missing from Docker Container Capability
- #45 Verify downloaded tarball using PGP
- #42 config.userdef.inc.php hook to allow user configured settings.
- #44 User configuration