.. include:: ../Includes.txt

.. _changelog:

==========
Change Log
==========

The following is an overview of the changes in this extension. For more details `read the online log `_.

2020-10-10 Andreas Beutel - Version 5.6.4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.9.x release (4.9.6)
- [SECURITY] Includes moderate vendor security fixes

  - `PMASA-2020-5 `_: XSS relating to the transformation feature
  - `PMASA-2020-6 `_: SQL injection vulnerability in SearchController

- [BUGFIX] Show all available databases in left panel - GH #45 (thanks to Michael Schams for the contribution)

2020-07-19 Andreas Beutel - Version 5.6.3
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Resolve dropped PATH_typo3 for TYPO3 10.x - GH #44 (thanks to Alexander Nitsche for the contribution)

2020-03-23 Andreas Beutel - Version 5.6.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.9.x release (4.9.5)
- [SECURITY] Includes moderate vendor security fixes

  - `PMASA-2020-2 `_: SQL injection with processing username
  - `PMASA-2020-3 `_: SQL injection relating to searching
  - `PMASA-2020-4 `_: SQL injection relating to data display

2020-02-12 Andreas Beutel - Version 5.6.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Use proper Uppercase Vendor name for registerModule()

2020-02-10 Andreas Beutel - Version 5.6.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Vendor name must begin with Capital letter - GH#37 (thanks to ashupatel1990 for reporting this)
- [TASK] Update release notes of 5.5.0 release to include reference to PMASA-2019-5 fixed in 4.9.2

2020-02-08 Andreas Beutel - Version 5.5.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.9.x release (4.9.4)
- [SECURITY] Includes serious vendor security fix

  - `PMASA-2020-1 `_: SQL injection in user accounts page
  - `PMASA-2019-5 `_: SQL injection in Designer feature

2019-08-03 Andreas Beutel - Version 5.4.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [FEATURE] Mark pMA compatible with TYPO3 10.x

2019-06-09 Andreas Beutel - Version 5.3.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Rename js/vendor/ to js/pma-vendor
- [TASK] Update pMA to the latest stable 4.9.x release (4.9.0.1)
- [SECURITY] Includes serious vendor security fixes

  - `PMASA-2019-3 `_: SQL injection in Designer feature
  - `PMASA-2019-4 `_: CSRF vulnerability in login form

2019-06-07 Andreas Beutel - Version 5.2.7
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Update documentation for new rendering process

2019-02-07 Andreas Beutel - Version 5.2.6
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Re-enable scrolling for pMA in TYPO3 Backend - #84529 (thanks to Renzo Bauen and Jürg Blaser for the contributions)

2019-01-26 Andreas Beutel - Version 5.2.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [FEATURE] Mark pMA compatible with TYPO3 9 LTS and PHP 7.2
- [TASK] Update pMA to the latest stable 4.8.x release (4.8.5)
- [SECURITY] Includes serious vendor security fixes

  - `PMASA-2019-1 `_: Arbitrary file read vulnerability
  - `PMASA-2019-2 `_: SQL injection in Designer feature

2018-12-11 Andreas Beutel - Version 5.2.4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.8.x release (4.8.4)
- [SECURITY] Includes severe vendor security fixes

  - `PMASA-2018-6 `_: Local file inclusion through transformation feature

- [SECURITY] Includes vendor security fix of moderate severity

  - `PMASA-2018-8 `_: XSS vulnerability in navigation tree
  - `PMASA-2018-7 `_: XSRF/CSRF vulnerability in phpMyAdmin

2018-11-26 Andreas Beutel - Version 5.2.3
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.8.x release (4.8.3)
- [SECURITY] Includes critical vendor security fixes

  - `PMASA-2018-2 `_: CSRF vulnerability allowing arbitrary SQL execution

- [SECURITY] Includes severe vendor security fixes

  - `PMASA-2018-4 `_: File inclusion and remote code execution
    attack

- [SECURITY] Includes vendor security fix of moderate severity

  - `PMASA-2018-3 `_: XSS in Designer feature
  - `PMASA-2018-5 `_: XSS in the import dialog

2018-02-25 Andreas Beutel - Version 5.2.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.7.x release (4.7.8)
- [SECURITY] Includes vendor security fix of moderate severity

  - `PMASA-2018-1 `_: Self XSS in central columns feature

2018-01-01 Andreas Beutel - Version 5.2.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.7.x release (4.7.7)
- [SECURITY] Includes critical vendor security fixes

  - `PMASA-2017-9 `_: XSRF/CSRF vulnerability in phpMyAdmin

- [SECURITY] Includes non-critical vendor security fixes

  - `PMASA-2017-8 `_: Bypass $cfg['Servers'][$i]['AllowNoPassword']

2017-07-21 Andreas Beutel - Version 5.2.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [!!!][TASK] Refactor BE Module for TYPO3 8.x compatibility (thanks to Sven Juergens for the contribution)
- [TASK] Update pMA to the latest stable 4.7.x release (4.7.3)

2017-01-31 Andreas Beutel - Version 5.1.9
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.15.10)
- [SECURITY] Includes non-critical vendor security fixes

  - `PMASA-2017-7 `_: DOS in replication status
  - `PMASA-2017-6 `_: SSRF in replication
  - `PMASA-2017-5 `_: Cookie attribute injection attack
  - `PMASA-2017-4 `_: CSS injection in themes
  - `PMASA-2017-3 `_: DOS vulnerability in table editing
  - `PMASA-2017-1 `_: Open redirect

- [SECURITY] Includes minor vendor security fixes

  - `PMASA-2017-2 `_: php-gettext code execution

2016-11-30 Andreas Beutel - Version 5.1.8
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.15.9)
- [SECURITY] Includes vendor security fixes

  - `PMASA-2016-58 `_: Unsafe generation of $cfg['blowfish_secret']
  - `PMASA-2016-59 `_: phpMyAdmin's phpinfo functionality is removed
  - `PMASA-2016-60 `_: AllowRoot
    and allow/deny rule bypass with specially-crafted username
  - `PMASA-2016-61 `_: Username matching weaknesses with allow/deny rules
  - `PMASA-2016-62 `_: Possible to bypass logout timeout
  - `PMASA-2016-63 `_: Full path disclosure (FPD) weaknesses
  - `PMASA-2016-64 `_: Multiple XSS weaknesses
  - `PMASA-2016-65 `_: Multiple denial-of-service (DOS) vulnerabilities
  - `PMASA-2016-66 `_: Possible to bypass white-list protection for URL redirection
  - `PMASA-2016-69 `_: Multiple SQL injection vulnerabilities
  - `PMASA-2016-70 `_: Incorrect serialized string parsing
  - `PMASA-2016-71 `_: CSRF token not stripped from the URL

2016-08-17 Andreas Beutel - Version 5.1.7
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.15.8)
- [SECURITY] Includes critical vendor security fixes

  - `PMASA-2016-56 `_: Remote code execution vulnerability when PHP is running with dbase extension
  - `PMASA-2016-54 `_: Remote code execution vulnerability when run as CGI
  - `PMASA-2016-52 `_: ArbitraryServerRegexp bypass
  - `PMASA-2016-45 `_: DOS attack with forced persistent connections

- [SECURITY] Includes serious vendor security fixes

  - `PMASA-2016-53 `_: Denial of service (DOS) attack by changing password to a very long string
  - `PMASA-2016-47 `_: IPv6 and proxy server IP-based authentication rule circumvention
  - `PMASA-2016-42 `_: SQL injection attack as control user
  - `PMASA-2016-39 `_: SQL injection attack
  - `PMASA-2016-37 `_: Path traversal with SaveDir and UploadDir
  - `PMASA-2016-36 `_: Local file exposure through symlinks with UploadDir
  - `PMASA-2016-35 `_: Local file exposure
  - `PMASA-2016-34 `_: SQL injection attack
  - `PMASA-2016-29 `_: Weakness with cookie encryption
  - `PMASA-2016-22 `_: DOS attack
  - `PMASA-2016-21 `_: Multiple XSS vulnerabilities

- [SECURITY] Includes moderate vendor security fixes

  - `PMASA-2016-51 `_: Reflected File Download attack
  - `PMASA-2016-50 `_: Referrer leak in url.php
  - `PMASA-2016-49 `_: Bypass URL redirect protection
  - `PMASA-2016-46 `_: Denial of service (DOS) attack by for loops
  - `PMASA-2016-43 `_: Unvalidated data passed to unserialize()
  - `PMASA-2016-32 `_: PHP code injection
  - `PMASA-2016-30 `_: Multiple XSS vulnerabilities
  - `PMASA-2016-28 `_: Referrer leak in transformations
  - `PMASA-2016-27 `_: Unsafe handling of preg_replace parameters
  - `PMASA-2016-26 `_: Multiple XSS vulnerabilities
  - `PMASA-2016-23 `_: Multiple full path disclosure vulnerabilities
  - `PMASA-2016-19 `_: SQL injection attack

- [SECURITY] Includes non-critical vendor security fixes

  - `PMASA-2016-55 `_: Denial of service (DOS) attack with dbase extension
  - `PMASA-2016-48 `_: Detect if user is logged in
  - `PMASA-2016-41 `_: Denial of service (DOS) attack in transformation feature
  - `PMASA-2016-38 `_: Multiple XSS vulnerabilities
  - `PMASA-2016-33 `_: Full path disclosure
  - `PMASA-2016-17 `_: BBCode injection vulnerability

2016-05-27 Andreas Beutel - Version 5.1.6
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.15.6)
- [SECURITY] Includes non-critical vendor security fixes

  - `PMASA-2016-11 `_: Multiple XSS vulnerabilities
  - `PMASA-2016-12 `_: Multiple XSS vulnerabilities
  - `PMASA-2016-16 `_: Self XSS

2016-01-28 Andreas Beutel - Version 5.1.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.15.3)
- [SECURITY] Includes critical vendor security fixes

  - `PMASA-2016-5 `_: Unsafe comparison of XSRF/CSRF token

- [SECURITY] Includes non-critical vendor security fixes

  - `PMASA-2015-6 `_: Full path disclosure vulnerability
  - `PMASA-2016-1 `_: Multiple full path disclosure vulnerabilities
  - `PMASA-2016-2 `_: Unsafe generation of XSRF/CSRF token
  - `PMASA-2016-3 `_: Multiple XSS vulnerabilities
  - `PMASA-2016-4 `_: Insecure password generation in JavaScript
  - `PMASA-2016-6 `_: Multiple full path disclosure vulnerabilities
  - `PMASA-2016-7 `_: XSS vulnerability in normalization page

- [FEATURE] Provide composer.json
  (thanks to André Wuttig for the contribution)

2015-11-01 Andreas Beutel - Version 5.1.4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Update version number in vendor path and Settings.xml

2015-10-31 Andreas Beutel - Version 5.1.3
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.15.1)
- [CHANGE] Set TYPO3 compatibility for 6.2 to 7.6
- [SECURITY] Includes a vendor security fix

  - `PMASA-2015-5 `_: Content spoofing vulnerability when redirecting user to an external site

2015-09-29 Andreas Beutel - Version 5.1.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.15)
- [CHANGE] Set TYPO3 compatibility for 6.2 to 7.5

2015-08-24 Andreas Beutel - Version 5.1.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Fix wrong module path in config.inc.php - #69298
- [CHANGE] Rename variable keys from typo_ to typo3_
- [TASK] Update pMA to the latest stable 4.4.x release (4.4.14)

2015-08-10 Andreas Beutel - Version 5.1.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.13.1)
- [CHANGE] Set TYPO3 compatibility for 6.2 to 7.4

2015-07-13 Andreas Beutel - Version 5.0.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Remove deprecated conf.php file and update ext_tables.php to prevent duplicate configuration - #68065
- [CHANGE] Update documentation and add new screenshot and fix some spelling errors

2015-07-12 Andreas Beutel - Version 5.0.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [FEATURE] Release of version 5.0.0 stable
- [TASK] Update pMA to the latest stable 4.4.x release (4.4.11)

2015-06-20 Andreas Beutel - Version 5.0.0-dev
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.10)
- [CHANGE] Set TYPO3 compatibility for 6.2 to 7.3
- [!!!][CHANGE] Switch to mysqli for database connection
- [CHANGE] Drop unsupported configuration pMA directives
- [FEATURE] Support of mysql socket connections if configured in TYPO3
- [CHANGE] Code cleanup in backend module
- [CHANGE] Move localization to XLIFF

2015-05-26 Andreas Beutel - Version 5.0.0-dev
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [FEATURE] Add check for ``$GLOBALS['PHP_UNIT_TEST_RUNNING']`` in class ``tx_phpmyadmin_utilities``
  to disable session and cookie handling if PHP Unit Tests are in progress using createFakeFrontEnd().
  Set ``$GLOBALS['PHP_UNIT_TEST_RUNNING'] = TRUE;`` in your Unit Test in the ``setUp()`` method of the unit test.

2015-05-25 Andreas Beutel - Version 5.0.0-dev
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.4.x release (4.4.7)
- [CHANGE] Set TYPO3 compatibility for 6.2 to 7.2

2015-05-26 Andreas Beutel - Version 4.19.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Feature: Add check for ``$GLOBALS['PHP_UNIT_TEST_RUNNING']`` in class ``tx_phpmyadmin_utilities``
  to disable session and cookie handling if PHP Unit Tests are in progress using createFakeFrontEnd().
  Set ``$GLOBALS['PHP_UNIT_TEST_RUNNING'] = TRUE;`` in your Unit Test in the ``setUp()`` method of the unit test.

2015-05-23 Andreas Beutel - Version 4.19.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.0.x release (4.0.10.10)
- [SECURITY] Includes several security fixes

  - `PMASA-2015-3 `_: Vulnerability allowing man-in-the-middle attack on API call to GitHub.
  - `PMASA-2015-2 `_: XSRF/CSRF vulnerability in phpMyAdmin setup.
  - `PMASA-2015-1 `_: Risk of BREACH attack due to reflected parameter.

- [BUGFIX] Add extension configuration to disable transparent session ids to fix bugs in JSON output –
  see https://forge.typo3.org/issues/58263 - thanks to Stefan Froemken for providing this fix
- [CHANGE] Remove obsolete configuration option »AjaxEnable« (no longer available in pMA)
- [CHANGE] Switch documentation to reST

2014-12-05 Andreas Beutel - Version 4.18.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.0.x release (4.0.10.5)
- [SECURITY] Includes several security fixes

  - `PMASA-2014-13 `_: Multiple XSS vulnerabilities.
  - `PMASA-2014-14 `_: Local file inclusion vulnerability.
  - `PMASA-2014-17 `_: DoS vulnerability with long passwords.

2014-11-01 Andreas Beutel - Version 4.18.4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.0.x release (4.0.10.5)
- [SECURITY] Includes several security fixes

  - `PMASA-2014-11 `_: XSS vulnerabilities in table search and table structure pages.
  - `PMASA-2014-12 `_: XSS vulnerabilities in SQL debug output and server monitor page.

2014-09-25 Andreas Beutel - Version 4.18.3
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.0.x release (4.0.10.3)
- [SECURITY] Includes several security fixes

  - `PMASA-2014-10 `_: XSRF/CSRF due to DOM based XSS in the micro history feature
  - `PMASA-2014-8 `_: Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages

2014-07-20 Andreas Beutel - Version 4.18.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable 4.0.x release (4.0.10.1)
- [SECURITY] Includes non-critical security fixes

  - `PMASA-2014-5 `_: Self-XSS due to unescaped HTML output in database triggers page.
  - `PMASA-2014-6 `_: Multiple XSS in AJAX confirmation messages.

- [FEATURE] #56522: Do not remove PL language on packaging for T3O

2014-03-03 Andreas Beutel - Version 4.18.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Set TYPO3 6.2 compatibility

2014-01-31 Andreas Beutel - Version 4.18.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Set TYPO3 6.1 compatibility
- [TASK] Update pMA to the stable release (4.0.10)

2013-09-01 Andreas Beutel - Version 4.17.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [FEATURE] #51384: Add EM-config option to disable Ajax in pMA (thanks to Gabriel Kaufmann for the suggestion)

2013-07-29 Andreas Beutel - Version 4.16.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.5.8.2)
- [SECURITY] Includes several security fixes

  - `PMASA-2013-15 `_: SQL injection vulnerabilities, producing a privilege escalation (control user).
  - `PMASA-2013-14 `_: Self-XSS due to unescaped HTML output in schema export.
  - `PMASA-2013-12 `_: Full path disclosure vulnerabilities.
  - `PMASA-2013-11 `_: If a crafted version.json would be presented, an XSS could be introduced.
  - `PMASA-2013-9 `_: 5 XSS vulnerabilities in setup, chart display, process list, and logo link.

2013-03-11 Andreas Beutel - Version 4.15.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] #46165: Wrong include files can be used (thanks to Dmitry Dulepov for reporting the issue and providing the patch!)

2012-11-28 Andreas Beutel - Version 4.15.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Set TYPO3 6.0 compatibility
- [TASK] Update pMA to the latest stable release (3.5.4)
- [BUGFIX] #42517: Typo3 6.0 - 'backend required' error

2012-08-13 Andreas Beutel - Version 4.14.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.5.2.2)
- [BUGFIX] #18560: Every first BE-Login fails (thanks to Markus Kappe for a patch and the others for testing)
- [SECURITY] Includes non-critical security fixes

  - `PMASA-2012-3 `_: Path disclosure due to missing library.
  - `PMASA-2012-4 `_: Fixed XSS vulnerabilities.

2012-03-31 Andreas Beutel - Version 4.13.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.10.2)
- [BUGFIX] #18245: phpmyadmin 4.11.3 - Error on first Access after login (thanks to Jerome Schneider for the patch!)

2012-02-14 Andreas Beutel - Version 4.12.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.10)

2011-12-22 Andreas Beutel - Version 4.11.10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.9)
- [SECURITY] Non-critical security fixes

  - `PMASA-2011-20 `_: XSS in export.

2011-11-10 Andreas Beutel - Version 4.11.9
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.7.1)
- [SECURITY] Security fixes

  - `PMASA-2011-17 `_: Local file inclusion.

2011-10-23 Andreas Beutel - Version 4.11.8
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.7)
- Version number 4.11.7 was skipped due to an erroneous upload in EM

2011-10-16 Andreas Beutel - Version 4.11.6
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.6)
- [SECURITY] Security fixes

  - `PMASA-2011-15 `_: Local path disclosure vulnerability
  - `PMASA-2011-16 `_: XSS in setup (host/verbose parameter)

2011-09-14 Andreas Beutel - Version 4.11.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.5)
- [SECURITY] Security fixes

  - `PMASA-2011-14 `_: Multiple XSS

2011-08-24 Andreas Beutel - Version 4.11.4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.4)
- [SECURITY] Security fixes

  - `PMASA-2011-13 `_: Multiple XSS in the Tracking feature

2011-07-23 Andreas Beutel - Version 4.11.3
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.3.2)
- [SECURITY] Security fixes

  - `PMASA-2011-9 `_: XSS in table Print view
  - `PMASA-2011-10 `_: Local file inclusion
  - `PMASA-2011-11 `_: Local file inclusion vulnerability and code execution
  - `PMASA-2011-12 `_: Possible session manipulation in swekey authentication

2011-07-03 Andreas Beutel - Version 4.11.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.3.1)
- [SECURITY] Security fixes

  - `PMASA-2011-5 `_: Fixed possible session manipulation in swekey authentication
  - `PMASA-2011-6 `_: Fixed possible code injection in case session variables are compromised
  - `PMASA-2011-7 `_: Fixed regexp quoting issue in Synchronize code

2011-05-23 Andreas Beutel - Version 4.11.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Fixed #18148: Configuration: Allowed IPs doesn't work

2011-05-21 Andreas Beutel - Version 4.11.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.4.1)
- [SECURITY] Security fix (PMASA-2011-3)

2011-03-07 Andreas Beutel - Version 4.10.3
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Implemented #15492: 'doNotLoadInFE' => 1 in EM_CONF

2011-03-07 Andreas Beutel - Version 4.10.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Fixed #17850: Using t3lib\_div::cmpIP for access control

2011-02-26 Andreas Beutel - Version 4.10.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.3.9.2)
- [FEATURE] IP-Access restrictions in extension configuration (Thanks to Søren Malling!)
- [FEATURE] TYPO3 4.5 compatibility
- [CHANGE] Disabled the TYPO3 theme until next update

2010-08-20 Andreas Beutel - Version 4.9.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [SECURITY] Security fix (`PMASA-2010-5 and TYPO3-SA-2010-017) `_: Several XSS vulnerabilities were found in the code.
- [TASK] Update pMA to the latest stable release (3.3.5.1)

2010-07-28 Andreas Beutel - Version 4.8.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [SECURITY] Critical security fix for broken backend permission check

2010-03-05 Andreas Beutel - Version 4.8.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.2.5)
- [BUGFIX] Fixed #13481: Get signon uri for redirect (initial patch provided by Michael Klapper, thanks!)
- [BUGFIX] Follow-up/Changed: Using vars $extPath and ``$typo3DocumentRoot``

2009-11-26 Andreas Beutel - Version 4.7.3
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [FEATURE] Feature #12678: Allow empty password for MySQL user.

2009-11-26 Andreas Beutel - Version 4.7.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Fixed #12772: Removed erroneous require statement

2009-11-25 Andreas Beutel - Version 4.7.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Fixed a bug: Fixed another issue with path calculation (works now for installations in subdirectories)
- [FEATURE] Compatibility for TYPO3 4.3

2009-11-19 Andreas Beutel - Version 4.7.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Fixed #12056: Wrong calculation of $BACK\_PATH
- [BUGFIX] Workaround for #12057: Empty MySQL password blocks EXT:phpmyadmin
- [TASK] Update pMA to the latest stable release (3.2.3)
- [FEATURE] Added custom TYPO3 theme

2009-11-19 Andreas Beutel - Version 4.6.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- was erroneously omitted during update and released as 4.7.0

2009-10-20 Andreas Beutel - Version 4.5.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [SECURITY] Security fix (`PMASA-2009-6) `_: XSS and SQL injection vulnerabilities
- [TASK] Update pMA to the latest stable release (3.2.2.1)
- [TASK] Update the manual to latest documentation template

2009-06-15 Andreas Beutel - Version 4.4.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.2.0)
- [BUGFIX] Fixed a bug: Logoff in 4.3.x
  did not work since directory name was wrong

2009-03-24 Andreas Beutel - Version 4.3.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [SECURITY] Security fix (`PMASA-2009-3) `_: Insufficient output sanitizing when generating configuration file.
- [TASK] Update pMA to the latest stable release (3.1.3.1)

2008-12-14 Andreas Beutel - Version 4.2.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [SECURITY] Security fix (`PMASA-2008-10) `_: SQL injection through XSRF on several pages
- [TASK] Update pMA to the latest stable release (3.1.1)
- [CHANGE] Changed extension config: Set 'clearcacheonload' to 0
- [CHANGE] Renamed ChangeLog to ChangeLog.txt

2008-11-01 Andreas Beutel - Version 4.1.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [SECURITY] Security fix (`PMASA-2008-9) `_: XSS in a Designer component
- [TASK] Update pMA to the latest stable release (3.0.1.1)
- [FEATURE] Configuration: Restored the default behavior of the left navigation frame.
  Set link to sql.php - Thanks to Julian Hofman for pointing me to this option.

2008-10-25 Andreas Beutel - Version 4.1.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Updated pMA to the latest stable release (3.0.1)
- [BUGFIX] Fixed bug #6934: Setting the path variables in SESSION to avoid file includes
- [FEATURE] Changed extension to use typo3/mod.php.
  See also http://bugs.typo3.org/view.php?id=5278

2008-10-02 Andreas Beutel - Version 4.0.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [BUGFIX] Trying to fix the redirect bug by forcing the cookie according to issue #8884
  http://bugs.typo3.org/view.php?id=8884#c23323 suggested by Rene Nitzsche

2008-09-28 Andreas Beutel - Version 4.0.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [TASK] Update pMA to the latest stable release (3.0.0)
- [CHANGE] Branching the pMA extension into two branches: The 3.x series with PHP4 support
  and the 4.x series with a minimum requirement of MySQL 5, PHP5 (5.2 and above)
- [CHANGE] Old (3.x) versions may be obtained at https://www.mehrwert.de/content-management/typo3-extensions/

2008-09-22 Andreas Beutel - Version 3.4.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [SECURITY] Security fix (`PMASA-2008-8) `_: XSS in MSIE using NUL byte
- [TASK] Update pMA to the latest stable release (2.11.9.2)

2008-09-15 Andreas Beutel - Version 3.3.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Skipping 3.2.0 see below
- [SECURITY] Security fix (`PMASA-2008-7) `_: Code execution vulnerability
- [TASK] Update pMA to the latest stable release (2.11.9.1)

2008-06-25 Andreas Beutel - Version 3.1.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- was released as 3.2.0 by the TYPO3 Security Team by accident
- [SECURITY] Security fix (`PMASA-2008-4) `_: XSS on plausible insecure PHP installation
- [CHANGE] Updated pMA to the latest stable release (2.11.7)
- [CHANGE] Changed handling of required/included files
- [CHANGE] Removed XCLASS call in modsub/index.php

2008-05-01 Andreas Beutel - Version 3.0.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Fixed a bug related to required files (only occurred if pMA is installed globally).
  Thanks to Laurent for pointing me to this issue

2008-04-30 Andreas Beutel - Version 3.0.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Updated pMA to the latest stable release (2.11.6)
- [CHANGE] Changed the authentication concept for pMA
- [CHANGE] Using signon auth (see http://wiki.cihar.com/pma/auth\_types#signon) now
  (Thanks to Marc Bastian Heinrichs for pointing me to this method)
- [CHANGE] Added a call to the TYPO3 BE logoff hook to delete the pMA session on logout
- [CHANGE] Updated the version number

2007-07-16 Andreas Beutel - Version 0.2.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Security fix (mehrwert-Issue #4110): Provides exactly the same functionality as the previous version
  but contains an important bug fix.

2007-02-10 Andreas Beutel - Version 0.2.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Merged changes from latest release of the global extension (from T3 3.8.1)
- [CHANGE] Updated phpMyAdmin to 2.6.4pl3 for security reasons
- [CHANGE] Extension is no longer a shy extension
- [CHANGE] Removed lock type GLOBAL, extension can be installed locally
- [CHANGE] Merged new translations

2006-09-10 Andreas Beutel - Version 0.1.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Pre-release of 2.6.4pl3

2006-08-16 Andreas Beutel - Version 0.1.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] Updated the phpMyAdmin version to 2.6.0pl3 and fixed the stylesheet bug
- [CHANGE] Merged translations

2005-11-09 Michael Stucki
^^^^^^^^^^^^^^^^^^^^^^^^^

- [CHANGE] New upstream release
- [CHANGE] Check server environment settings using isset() - caused phpMyAdmin module to stop loading otherwise