diff options
author | Isaac Bennetch <bennetch@gmail.com> | 2016-08-16 23:38:46 +0300 |
---|---|---|
committer | Isaac Bennetch <bennetch@gmail.com> | 2016-08-16 23:38:46 +0300 |
commit | b9a6a9993e175ff13375462333ce1139095d01e1 (patch) | |
tree | 540a7ed03dfda8d29423799f1c8f718cb9defbb6 | |
parent | 0f6b76b57844af5b43675c9ff5489d1a3a6baa63 (diff) |
Release 4.6.4RELEASE_4_6_4
Signed-off-by: Isaac Bennetch <bennetch@gmail.com>
-rw-r--r-- | ChangeLog | 39 | ||||
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | doc/conf.py | 2 | ||||
-rw-r--r-- | libraries/Config.php | 2 |
4 files changed, 41 insertions, 4 deletions
@@ -1,7 +1,44 @@ phpMyAdmin - ChangeLog ====================== -4.6.4 (not yet released) +4.6.4 (2016-08-16) +- issue [security] Weaknesses with cookie encryption, see PMASA-2016-29 +- issue [security] Improve session cookie code for openid.php and signon.php example files +- issue [security] Full path disclosure in openid.php and signon.php example files +- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-30 +- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-31 +- issue [security] Unsafe generation of BlowfishSecret (when not supplied by the user) +- issue [security] Referrer leak when phpinfo is enabled +- issue [security] PHP code injection, see PMASA-2016-32 +- issue [security] Full path disclosure, see PMASA-2016-33 +- issue [security] SQL injection attack, see PMASA-2016-34 +- issue [security] Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35 +- issue [security] Local file exposure through symlinks with UploadDir, see PMASA-2016-36 +- issue [security] Path traversal with SaveDir and UploadDir, see PMASA-2016-37 +- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-38 +- issue [security] SQL injection vulnerability as control user, see PMASA-2016-39 +- issue [security] SQL injection vulnerability, see PMASA-2016-40 +- issue [security] Denial-of-service attack through transformation feature, see PMASA-2016-41 +- issue [security] SQL injection vulnerability as control user, see PMASA-2016-42 +- issue [security] Verify data before unserializing, see PMASA-2016-43 +- issue [security] Use HTTPS for wiki links +- issue Remove Swekey support +- issue [security] SSRF in setup script, see PMASA-2016-44 +- issue [security] Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections, see PMASA-2016-45 +- issue [security] Improve SSL certificate handling +- issue [security] Fix full path disclosure in debugging code +- issue [security] Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47 +- issue [security] Detect if user is logged in, see PMASA-2016-48 +- issue [security] Bypass URL redirection protection, see PMASA-2016-49 +- issue [security] Referrer leak, see PMASA-2016-50 +- issue [security] Reflected File Download, see PMASA-2016-51 +- issue [security] ArbitraryServerRegexp bypass, see PMASA-2016-52 +- issue [security] Denial-of-service attack by entering long password, see PMASA-2016-53 +- issue [security] Remote code execution vulnerability when running as CGI, see PMASA-2016-054 +- issue [security] Administrators could trigger SQL injection attack against users +- issue [security] Denial-of-service attack when PHP uses dbase extension, see PMASA-2016-55 +- issue [security] Remove tode execution vulnerability when PHP uses dbase extension, see PMASA-2016-56 +- issue [security] Denial-of-service attack by using for loops, see PMASA-2016-46 - issue Include X-Robots-Tag header in responses - issue Enforce numeric field length when creating table - issue Fixed invalid Content-Length in some HTTP responses @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.6.4-dev +Version 4.6.4 A web interface for MySQL and MariaDB. diff --git a/doc/conf.py b/doc/conf.py index 03c053f595..b13b14e1f2 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -51,7 +51,7 @@ copyright = u'2012 - 2016, The phpMyAdmin devel team' # built documents. # # The short X.Y version. -version = '4.6.4-dev' +version = '4.6.4' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.php b/libraries/Config.php index c1ed5b67ba..eaa493705a 100644 --- a/libraries/Config.php +++ b/libraries/Config.php @@ -101,7 +101,7 @@ class Config */ public function checkSystem() { - $this->set('PMA_VERSION', '4.6.4-dev'); + $this->set('PMA_VERSION', '4.6.4'); /** * @deprecated */ |