Change Log¶

The following is an overview of the changes in this extension. For more details read the online log.

2023-02-08 Andreas Beutel - Version 6.1.0¶

[TASK] Update pMA to the latest stable 5.2.x release (5.2.1)
[SECURITY] Includes moderate vendor security fix
PMASA-2023-1: XSS vulnerability in drag-and-drop upload
[TASK] Add .ddev configuration

2021-11-25 Andreas Beutel - Version 6.0.1¶

[BUGFIX] Only set PHPMyAdmin cookie for BE Users - GH #57 (thanks to bmack for reporting and fixing this)

2021-11-11 Andreas Beutel - Version 6.0.0¶

[!!!][TASK] Update pMA to the latest stable 5.1.x release (5.1.1)
[!!!][TASK] Add support for PHP 7.4 (and drop support < PHP 7.2)
[!!!][FEATURE] Add support for TYPO3 11 (and drop support < TYPO3 9.5)
[BUGFIX] Allow symlinks in subfolders - GH#50 (thanks to bmack for reporting and fixing this)
[BUGFIX] Define extension key in composer.json - GH#52 (thanks to jpgreth for reporting and fixing this)

2020-10-10 Andreas Beutel - Version 5.6.4¶

[TASK] Update pMA to the latest stable 4.9.x release (4.9.6)
[SECURITY] Includes moderate vendor security fixes
PMASA-2020-5: XSS relating to the transformation feature
PMASA-2020-6: SQL injection vulnerability in SearchController
[BUGFIX] Show all available databases in left panel - GH #45 (thanks to Michael Schams for the contribution)

2020-07-19 Andreas Beutel - Version 5.6.3¶

[BUGFIX] Resolve dropped PATH_typo3 for TYPO3 10.x - GH #44 (thanks to Alexander Nitsche for the contribution)

2020-03-23 Andreas Beutel - Version 5.6.2¶

[TASK] Update pMA to the latest stable 4.9.x release (4.9.5)
[SECURITY] Includes moderate vendor security fixes
PMASA-2020-2: SQL injection with processing username
PMASA-2020-3: SQL injection relating to searching
PMASA-2020-4: SQL injection relating to data display

2020-02-12 Andreas Beutel - Version 5.6.1¶

[BUGFIX] Use proper Uppercase Vendor name for registerModule()

2020-02-10 Andreas Beutel - Version 5.6.0¶

[BUGFIX] Vendor name must begin with Capital letter - GH#37 (thanks to ashupatel1990 for reporting this)
[TASK] Update release notes of 5.5.0 release to include reference to PMASA-2019-5 fixed in 4.9.2

2020-02-08 Andreas Beutel - Version 5.5.0¶

[TASK] Update pMA to the latest stable 4.9.x release (4.9.4)
[SECURITY] Includes serious vendor security fix
PMASA-2020-1: SQL injection in user accounts page
PMASA-2019-5: SQL injection in Designer feature

2019-08-03 Andreas Beutel - Version 5.4.0¶

[FEATURE] Mark pMA compatible with TYPO3 10.x

2019-06-09 Andreas Beutel - Version 5.3.0¶

[CHANGE] Rename js/vendor/ to js/pma-vendor
[TASK] Update pMA to the latest stable 4.9.x release (4.9.0.1)
[SECURITY] Includes serious vendor security fixes
PMASA-2019-3: SQL injection in Designer feature
PMASA-2019-4: CSRF vulnerability in login form

2019-06-07 Andreas Beutel - Version 5.2.7¶

[CHANGE] Update documentation for new rendering process

2019-02-07 Andreas Beutel - Version 5.2.6¶

[BUGFIX] Re-enable scrolling for pMA in TYPO3 Backend - #84529 (thanks to Renzo Bauen and Jürg Blaser for the contributions)

2019-01-26 Andreas Beutel - Version 5.2.5¶

[FEATURE] Mark pMA compatible with TYPO3 9 LTS and PHP 7.2
[TASK] Update pMA to the latest stable 4.8.x release (4.8.5)
[SECURITY] Includes serious vendor security fixes
PMASA-2019-1: Arbitrary file read vulnerability
PMASA-2019-2: SQL injection in Designer feature

2018-12-11 Andreas Beutel - Version 5.2.4¶

[TASK] Update pMA to the latest stable 4.8.x release (4.8.4)
[SECURITY] Includes severe vendor security fixes
PMASA-2018-6: Local file inclusion through transformation feature
[SECURITY] Includes vendor security fix of moderate severity
PMASA-2018-8: XSS vulnerability in navigation tree
PMASA-2018-7: XSRF/CSRF vulnerability in phpMyAdmin

2018-11-26 Andreas Beutel - Version 5.2.3¶

[TASK] Update pMA to the latest stable 4.8.x release (4.8.3)
[SECURITY] Includes critical vendor security fixes
PMASA-2018-2: CSRF vulnerability allowing arbitrary SQL execution
[SECURITY] Includes severe vendor security fixes
PMASA-2018-4: File inclusion and remote code execution attack
[SECURITY] Includes vendor security fix of moderate severity
PMASA-2018-3: XSS in Designer feature
PMASA-2018-5: XSS in the import dialog

2018-02-25 Andreas Beutel - Version 5.2.2¶

[TASK] Update pMA to the latest stable 4.7.x release (4.7.8)
[SECURITY] Includes vendor security fix of moderate severity
PMASA-2018-1: Self XSS in central columns feature

2018-01-01 Andreas Beutel - Version 5.2.1¶

[TASK] Update pMA to the latest stable 4.7.x release (4.7.7)
[SECURITY] Includes critical vendor security fixes
PMASA-2017-9: XSRF/CSRF vulnerability in phpMyAdmin
[SECURITY] Includes non-critical vendor security fixes
PMASA-2017-8: Bypass $cfg['Servers'][$i]['AllowNoPassword']

2017-07-21 Andreas Beutel - Version 5.2.0¶

[!!!][TASK] Refactor BE Module for TYPO3 8.x compatibility (thanks to Sven Juergens for the contribution)
[TASK] Update pMA to the latest stable 4.7.x release (4.7.3)

2017-01-31 Andreas Beutel - Version 5.1.9¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.15.10)
[SECURITY] Includes non-critical vendor security fixes
PMASA-2017-7: DOS in replication status
PMASA-2017-6: SSRF in replication
PMASA-2017-5: Cookie attribute injection attack
PMASA-2017-4: CSS injection in themes
PMASA-2017-3: DOS vulnerability in table editing
PMASA-2017-1: Open redirect
[SECURITY] Includes minor vendor security fixes
PMASA-2017-2: php-gettext code execution

2016-11-30 Andreas Beutel - Version 5.1.8¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.15.9)
[SECURITY] Includes vendor security fixes
PMASA-2016-58: Unsafe generation of $cfg['blowfish_secret']
PMASA-2016-59: phpMyAdmin's phpinfo functionality is removed
PMASA-2016-60: AllowRoot and allow/deny rule bypass with specially-crafted username
PMASA-2016-61: Username matching weaknesses with allow/deny rules
PMASA-2016-62: Possible to bypass logout timeout
PMASA-2016-63: Full path disclosure (FPD) weaknesses
PMASA-2016-64: Multiple XSS weaknesses
PMASA-2016-65: Multiple denial-of-service (DOS) vulnerabilities
PMASA-2016-66: Possible to bypass white-list protection for URL redirection
PMASA-2016-69: Multiple SQL injection vulnerabilities
PMASA-2016-70: Incorrect serialized string parsing
PMASA-2016-71: CSRF token not stripped from the URL

2016-08-17 Andreas Beutel - Version 5.1.7¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.15.8)
[SECURITY] Includes critical vendor security fixes
PMASA-2016-56: Remote code execution vulnerability when PHP is running with dbase extension
PMASA-2016-54: Remote code execution vulnerability when run as CGI
PMASA-2016-52: ArbitraryServerRegexp bypass
PMASA-2016-45: DOS attack with forced persistent connections
[SECURITY] Includes serious vendor security fixes
PMASA-2016-53: Denial of service (DOS) attack by changing password to a very long string
PMASA-2016-47: IPv6 and proxy server IP-based authentication rule circumvention
PMASA-2016-42: SQL injection attack as control user
PMASA-2016-39: SQL injection attack
PMASA-2016-37: Path traversal with SaveDir and UploadDir
PMASA-2016-36: Local file exposure through symlinks with UploadDir
PMASA-2016-35: Local file exposure
PMASA-2016-34: SQL injection attack
PMASA-2016-29: Weakness with cookie encryption
PMASA-2016-22: DOS attack
PMASA-2016-21: Multiple XSS vulnerabilities
[SECURITY] Includes moderate vendor security fixes
PMASA-2016-51: Reflected File Download attack
PMASA-2016-50: Referrer leak in url.php
PMASA-2016-49: Bypass URL redirect protection
PMASA-2016-46: Denial of service (DOS) attack by for loops
PMASA-2016-43: Unvalidated data passed to unserialize()
PMASA-2016-32: PHP code injection
PMASA-2016-30: Multiple XSS vulnerabilities
PMASA-2016-28: Referrer leak in transformations
PMASA-2016-27: Unsafe handling of preg_replace parameters
PMASA-2016-26: Multiple XSS vulnerabilities
PMASA-2016-23: Multiple full path disclosure vulnerabilities
PMASA-2016-19: SQL injection attack
[SECURITY] Includes non-critical vendor security fixes
PMASA-2016-55: Denial of service (DOS) attack with dbase extension
PMASA-2016-48: Detect if user is logged in
PMASA-2016-41: Denial of service (DOS) attack in transformation feature
PMASA-2016-38: Multiple XSS vulnerabilities
PMASA-2016-33: Full path disclosure
PMASA-2016-17: BBCode injection vulnerability

2016-05-27 Andreas Beutel - Version 5.1.6¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.15.6)
[SECURITY] Includes non-critical vendor security fixes
PMASA-2016-11: Multiple XSS vulnerabilities
PMASA-2016-12: Multiple XSS vulnerabilities
PMASA-2016-16: Self XSS

2016-01-28 Andreas Beutel - Version 5.1.5¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.15.3)
[SECURITY] Includes critical vendor security fixes
PMASA-2016-5: Unsafe comparison of XSRF/CSRF token
[SECURITY] Includes non-critical vendor security fixes
PMASA-2015-6: Full path disclosure vulnerability
PMASA-2016-1: Multiple full path disclosure vulnerabilities
PMASA-2016-2: Unsafe generation of XSRF/CSRF token
PMASA-2016-3: Multiple XSS vulnerabilities
PMASA-2016-4: Insecure password generation in JavaScript
PMASA-2016-6: Multiple full path disclosure vulnerabilities
PMASA-2016-7: XSS vulnerability in normalization page
[FEATURE] Provide composer.json (thanks to André Wuttig for the contribution)

2015-11-01 Andreas Beutel - Version 5.1.4¶

[BUGFIX] Update version number in vendor path and Settings.xml

2015-10-31 Andreas Beutel - Version 5.1.3¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.15.1)
[CHANGE] Set TYPO3 compatibility for 6.2 to 7.6
[SECURITY] Includes a vendor security fix
PMASA-2015-5: Content spoofing vulnerability when redirecting user to an external site

2015-09-29 Andreas Beutel - Version 5.1.2¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.15)
[CHANGE] Set TYPO3 compatibility for 6.2 to 7.5

2015-08-24 Andreas Beutel - Version 5.1.1¶

[BUGFIX] Fix wrong module path in config.inc.php - #69298
[CHANGE] Rename variable keys from typo_ to typo3_
[TASK] Update pMA to the latest stable 4.4.x release (4.4.14)

2015-08-10 Andreas Beutel - Version 5.1.0¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.13.1)
[CHANGE] Set TYPO3 compatibility for 6.2 to 7.4

2015-07-13 Andreas Beutel - Version 5.0.1¶

[BUGFIX] Remove deprecated conf.php file and update ext_tables.php to prevent duplicate configuration - #68065
[CHANGE] Update documentation and add new screenshot and fix some spelling errors

2015-07-12 Andreas Beutel - Version 5.0.0¶

[FEATURE] Release of version 5.0.0 stable
[TASK] Update pMA to the latest stable 4.4.x release (4.4.11)

2015-06-20 Andreas Beutel - Version 5.0.0-dev¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.10)
[CHANGE] Set TYPO3 compatibility for 6.2 to 7.3
[!!!][CHANGE] Switch to mysqli for database connection
[CHANGE] Drop unsupported configuration pMA directives
[FEATURE] Support of mysql socket connections if configured in TYPO3
[CHANGE] Code cleanup in backend module
[CHANGE] Move localization to XLIFF

2015-05-26 Andreas Beutel - Version 5.0.0-dev¶

[FEATURE] Add check for $GLOBALS['PHP_UNIT_TEST_RUNNING'] in class tx_phpmyadmin_utilities to disable session and cookie handling if PHP Unit Tests are in progress using createFakeFrontEnd(). Set $GLOBALS['PHP_UNIT_TEST_RUNNING'] = TRUE; in your Unit Test in the setUp() method of the unit test.

2015-05-25 Andreas Beutel - Version 5.0.0-dev¶

[TASK] Update pMA to the latest stable 4.4.x release (4.4.7)
[CHANGE] Set TYPO3 compatibility for 6.2 to 7.2

2015-05-26 Andreas Beutel - Version 4.19.1¶

Feature: Add check for $GLOBALS['PHP_UNIT_TEST_RUNNING'] in class tx_phpmyadmin_utilities to disable session and cookie handling if PHP Unit Tests are in progress using createFakeFrontEnd (). Set $GLOBALS['PHP_UNIT_TEST_RUNNING'] = TRUE; in your Unit Test in the setUp() method of the unit test.

2015-05-23 Andreas Beutel - Version 4.19.0¶

[TASK] Update pMA to the latest stable 4.0.x release (4.0.10.10)
[SECURITY] Includes several security fixes
PMASA-2015-3: Vulnerability allowing man-in-the-middle attack on API call to GitHub.
PMASA-2015-2: XSRF/CSRF vulnerability in phpMyAdmin setup.
PMASA-2015-1: Risk of BREACH attack due to reflected parameter.
[BUGFIX] Add extension configuration to disable transparent session ids to fix bugs in JSON output – see https://forge.typo3.org/issues/58263 - thanks to Stefan Froemken for providing this fix
[CHANGE] Remove obsolete configuration option »AjaxEnable« (no longer available in pMA)
[CHANGE] Switch documentation to reST

2014-12-05 Andreas Beutel - Version 4.18.5¶

[TASK] Update pMA to the latest stable 4.0.x release (4.0.10.5)
[SECURITY] Includes several security fixes
PMASA-2014-13: Multiple XSS vulnerabilities.
PMASA-2014-14: Local file inclusion vulnerability.
PMASA-2014-17: DoS vulnerability with long passwords.

2014-11-01 Andreas Beutel - Version 4.18.4¶

[TASK] Update pMA to the latest stable 4.0.x release (4.0.10.5)
[SECURITY] Includes several security fixes
PMASA-2014-11: XSS vulnerabilities in table search and table structure pages.
PMASA-2014-12: XSS vulnerabilities in SQL debug output and server monitor page.

2014-09-25 Andreas Beutel - Version 4.18.3¶

[TASK] Update pMA to the latest stable 4.0.x release (4.0.10.3)
[SECURITY] Includes several security fixes
PMASA-2014-10: XSRF/CSRF due to DOM based XSS in the micro history feature
PMASA-2014-8: Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages

2014-07-20 Andreas Beutel - Version 4.18.2¶

[TASK] Update pMA to the latest stable 4.0.x release (4.0.10.1)
[SECURITY] Includes non-critical security fixes
PMASA-2014-5: Self-XSS due to unescaped HTML output in database triggers page.
PMASA-2014-6: Multiple XSS in AJAX confirmation messages.
[FEATURE] #56522: Do not remove PL language on packaging for T3O

2014-03-03 Andreas Beutel - Version 4.18.1¶

[CHANGE] Set TYPO3 6.2 compatibility

2014-01-31 Andreas Beutel - Version 4.18.0¶

[CHANGE] Set TYPO3 6.1 compatibility
[TASK] Update pMA to the stable release (4.0.10)

2013-09-01 Andreas Beutel - Version 4.17.0¶

[FEATURE] #51384: Add EM-config option to disable Ajax in pMA (thanks to Gabriel Kaufmann for the suggestion)

2013-07-29 Andreas Beutel - Version 4.16.0¶

[TASK] Update pMA to the latest stable release (3.5.8.2)
[SECURITY] Includes several security fixes
PMASA-2013-15: SQL injection vulnerabilities, producing a privilege escalation (control user).
PMASA-2013-14: Self-XSS due to unescaped HTML output in schema export.
PMASA-2013-12: Full path disclosure vulnerabilities.
PMASA-2013-11: If a crafted version.json would be presented, an XSS could be introduced.
PMASA-2013-9: 5 XSS vulnerabilities in setup, chart display, process list, and logo link.

2013-03-11 Andreas Beutel - Version 4.15.1¶

[BUGFIX] #46165: Wrong include files can be used (thanks to Dmitry Dulepov for reporting the issue and providing the patch!)

2012-11-28 Andreas Beutel - Version 4.15.0¶

[CHANGE] Set TYPO3 6.0 compatibility
[TASK] Update pMA to the latest stable release (3.5.4)
[BUGFIX] #42517: Typo3 6.0 - 'backend required' error

2012-08-13 Andreas Beutel - Version 4.14.0¶

[TASK] Update pMA to the latest stable release (3.5.2.2)
[BUGFIX] #18560: Every first BE-Login fails (thanks to Markus Kappe for a patch and the others for testing)
[SECURITY] Includes non-critical security fixes
PMASA-2012-3: Path disclosure due to missing library.
PMASA-2012-4: Fixed XSS vulnerabilities.

2012-03-31 Andreas Beutel - Version 4.13.0¶

[TASK] Update pMA to the latest stable release (3.4.10.2)
[BUGFIX] #18245: phpmyadmin 4.11.3 - Error on first Access after login (thanks to Jerome Schneider for the patch!)

2012-02-14 Andreas Beutel - Version 4.12.0¶

[TASK] Update pMA to the latest stable release (3.4.10)

2011-12-22 Andreas Beutel - Version 4.11.10¶

[TASK] Update pMA to the latest stable release (3.4.9)
[SECURITY] Non-critical security fixes
PMASA-2011-20: XSS in export.

2011-11-10 Andreas Beutel - Version 4.11.9¶

[TASK] Update pMA to the latest stable release (3.4.7.1)
[SECURITY] Security fixes
PMASA-2011-17: Local file inclusion.

2011-10-23 Andreas Beutel - Version 4.11.8¶

[TASK] Update pMA to the latest stable release (3.4.7)
Version number 4.11.7 was skipped due an erroneous upload in EM

2011-10-16 Andreas Beutel - Version 4.11.6¶

[TASK] Update pMA to the latest stable release (3.4.6)
[SECURITY] Security fixes
PMASA-2011-15: Local path disclosure vulnerability
PMASA-2011-16: XSS in setup (host/verbose parameter)

2011-09-14 Andreas Beutel - Version 4.11.5¶

[TASK] Update pMA to the latest stable release (3.4.5)
[SECURITY] Security fixes
PMASA-2011-14: Multiple XSS

2011-08-24 Andreas Beutel - Version 4.11.4¶

[TASK] Update pMA to the latest stable release (3.4.4)
[SECURITY] Security fixes
PMASA-2011-13: Multiple XSS in the Tracking feature

2011-07-23 Andreas Beutel - Version 4.11.3¶

[TASK] Update pMA to the latest stable release (3.4.3.2)
[SECURITY] Security fixes
PMASA-2011-9: XSS in table Print view
PMASA-2011-10: Local file inclusion
PMASA-2011-11: Local file inclusion vulnerability and code execution
PMASA-2011-12: Possible session manipulation in swekey authentication

2011-07-03 Andreas Beutel - Version 4.11.2¶

[TASK] Update pMA to the latest stable release (3.4.3.1)
[SECURITY] Security fixes
PMASA-2011-5: Fixed possible session manipulation in swekey authentication
PMASA-2011-6: Fixed possible code injection incase session variables are compromised
PMASA-2011-7: Fixed regexp quoting issue in Synchronize code

2011-05-23 Andreas Beutel - Version 4.11.1¶

[BUGFIX] Fixed #18148: Configuration: Allowed IPs doesn't work

2011-05-21 Andreas Beutel - Version 4.11.0¶

[TASK] Update pMA to the latest stable release (3.4.1)
[SECURITY] Security fix (PMASA-2011-3)

2011-03-07 Andreas Beutel - Version 4.10.3¶

[CHANGE] Implemented #15492: 'doNotLoadInFE' => 1 in EM_CONF

2011-03-07 Andreas Beutel - Version 4.10.2¶

[BUGFIX] Fixed #17850: Using t3lib_div::cmpIP for access control

2011-02-26 Andreas Beutel - Version 4.10.0¶

[TASK] Update pMA to the latest stable release (3.3.9.2)
[FEATURE] IP-Access restrictions in extension configuration (Thanks to Søren Malling!)
[FEATURE] TYPO3 4.5 compatibility
[CHANGE] Disabled the TYPO3 theme until next update

2010-08-20 Andreas Beutel - Version 4.9.0¶

[SECURITY] Security fix (PMASA-2010-5 and TYPO3-SA-2010-017): Several XSS vulnerabilities were found in the code.
[TASK] Update pMA to the latest stable release (3.3.5.1)

2010-07-28 Andreas Beutel - Version 4.8.1¶

[SECURITY] Critical security fix for broken backend permission check

2010-03-05 Andreas Beutel - Version 4.8.0¶

[TASK] Update pMA to the latest stable release (3.2.5)
[BUGFIX] Fixed #13481: Get signon uri for redirect (initial patch provided by Michael Klapper, thanks!)
[BUGFIX] Follow-up/Changed: Using vars $extPath and $typo3DocumentRoot

2009-11-26 Andreas Beutel - Version 4.7.3¶

[FEATURE] Feature #12678: Allow empty password for MySQL user.

2009-11-26 Andreas Beutel - Version 4.7.2¶

[BUGFIX] Fixed #12772: Removed erroneous require statement

2009-11-25 Andreas Beutel - Version 4.7.1¶

[BUGFIX] Fixed a bug: Fixed another issue with path calculation (works now for installations in subdirectories)
[FEATURE] Compatibility for TYPO3 4.3

2009-11-19 Andreas Beutel - Version 4.7.0¶

[BUGFIX] Fixed #12056: Wrong calculation of $BACK_PATH
[BUGFIX] Workaround for #12057: Empty MySQL password blocks EXT:phpmyadmin
[TASK] Update pMA to the latest stable release (3.2.3)
[FEATURE] Added custom TYPO3 theme

2009-11-19 Andreas Beutel - Version 4.6.0¶

– was erroneously omitted during update and released as 4.7.0

2009-10-20 Andreas Beutel - Version 4.5.0¶

[SECURITY] Security fix (PMASA-2009-6): XSS and SQL injection vulnerabilities
[TASK] Update pMA to the latest stable release (3.2.2.1)
[TASK] Update the manual to latest documentation template

2009-06-15 Andreas Beutel - Version 4.4.0¶

[TASK] Update pMA to the latest stable release (3.2.0)
[BUGFIX] Fixed a bug: Logoff in 4.3.x did not work since directory name was wrong

2009-03-24 Andreas Beutel - Version 4.3.0¶

[SECURITY] Security fix (PMASA-2009-3): Insufficient output sanitizing when generating configuration file.
[TASK] Update pMA to the latest stable release (3.1.3.1)

2008-12-14 Andreas Beutel - Version 4.2.0¶

[SECURITY] Security fix (PMASA-2008-10): SQL injection through XSRF on several pages
[TASK] Update pMA to the latest stable release (3.1.1)
[CHANGE] Changed extension config: Set 'clearcacheonload' to 0
[CHANGE] Renamed ChangeLog to ChangeLog.txt

2008-11-01 Andreas Beutel - Version 4.1.1¶

[SECURITY] Security fix (PMASA-2008-9): XSS in a Designer component
[TASK] Update pMA to the latest stable release (3.0.1.1)
[FEATURE] Configuration: Restored the default behavior of the left navigation frame. Set link to sql.php - Thanks to Julian Hofman for pointing me to this option.

2008-10-25 Andreas Beutel - Version 4.1.0¶

[CHANGE] Updated pMA to the latest stable release (3.0.1)
[BUGFIX] Fixed bug #6934: Setting the path variables in SESSION to avoid file includes
[FEATURE] Changed extension to use typo3/mod.php. See also http://bugs.typo3.org/view.php?id=5278

2008-10-02 Andreas Beutel - Version 4.0.1¶

[BUGFIX] Trying to fix the redirect bug by a forcing the cookie according to issue #8884 http://bugs.typo3.org/view.php?id=8884#c23323 suggested by Rene Nitzsche

2008-09-28 Andreas Beutel - Version 4.0.0¶

[TASK] Update pMA to the latest stable release (3.0.0)
[CHANGE] Branching the pMA extension into two branches: The 3.x series with PHP4 support and the 4.x series with a minimum requirement of MySQL 5, PHP5 (5.2 and above)
[CHANGE] Old (3.x) versions may be obtained at https://www.mehrwert.de/content-management/typo3-extensions/

2008-09-22 Andreas Beutel - Version 3.4.0¶

[SECURITY] Security fix (PMASA-2008-8): XSS in MSIE using NUL byte
[TASK] Update pMA to the latest stable release (2.11.9.2)

2008-09-15 Andreas Beutel - Version 3.3.0¶

Skipping 3.2.0 see below
[SECURITY] Security fix (PMASA-2008-7): Code execution vulnerability
[TASK] Update pMA to the latest stable release (2.11.9.1)

2008-06-25 Andreas Beutel - Version 3.1.0¶

was release as 3.2.0 by the TYPO3 Security Team by accident
[SECURITY] Security fix (PMASA-2008-4): XSS on plausible insecure PHP installation
[CHANGE] Updated pMA to the latest stable release (2.11.7)
[CHANGE] Changed handling of required/included files
[CHANGE] Removed XCLASS call in modsub/index.php

2008-05-01 Andreas Beutel - Version 3.0.1¶

Fixed a bug related to required files (only occurred if pMA is installed globally). Thanks to Laurent for pointing me to this issue

2008-04-30 Andreas Beutel - Version 3.0.0¶

[CHANGE] Updated pMA to the latest stable release (2.11.6)
[CHANGE] Changed the authentication concept for pMA
[CHANGE] Using signon auth (see http://wiki.cihar.com/pma/auth_types#signon) now (Thanks to Marc Bastian Heinrichs for pointing me to this method)
[CHANGE] Added a call to the TYPO3 BE logoff hook to delete the pMA session on logout
[CHANGE] Updated the version number

2007-07-16 Andreas Beutel - Version 0.2.2¶

Security fix (mehrwert-Issue #4110): Provides exactly the same functionality as the previous version but contains an important bug fix.

2007-02-10 Andreas Beutel - Version 0.2.1¶

[CHANGE] Merged changes from latest release of the global extension (from T3 3.8.1)
[CHANGE] Updated phpMyAdmin to 2.6.4pl3 for security reasons
[CHANGE] Extension is no longer a shy extension
[CHANGE] Removed lock type GLOBAL, extension can be installed locally
[CHANGE] Merged new translations

2006-09-10 Andreas Beutel - Version 0.1.1¶

[CHANGE] Pre-release of 2.6.4pl3

2006-08-16 Andreas Beutel - Version 0.1.0¶

[CHANGE] Updated the phpMyAdmin version to 2.6.0pl3 and fixed the stylesheet bug
[CHANGE] Merged translations

2005-11-09 Michael Stucki¶

[CHANGE] New upstream release
[CHANGE] Check server environment settings using isset() - caused phpMyAdmin module to stop loading otherwise