diff options
-rw-r--r-- | ChangeLog | 14 | ||||
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | doc/conf.py | 2 | ||||
-rw-r--r-- | libraries/Config.class.php | 2 |
4 files changed, 16 insertions, 4 deletions
@@ -1,8 +1,20 @@ phpMyAdmin - ChangeLog ====================== -4.0.10.18 (not yet released) +4.0.10.18 (2016-11-24) - issue #12485 Do not show warning about short blowfish_secret if none is set +- issue [security] Open redirection issue, see PMASA-2016-57 +- issue [security] Unsafe generation of $cfg['blowfish_secret'], see PMASA-2016-58 +- issue [security] phpMyAdmin's phpinfo functionality is removed, see PMASA-2016-59 +- issue [security] AllowRoot and allow/deny rule bypass with specially-crafted username, see PMASA-2016-60 +- issue [security] Username matching weaknesses with allow/deny rules, see PMASA-2016-61 +- issue [security] Full path disclosure (FPD) weaknesses, see PMASA-2016-63 +- issue [security] Multiple cross-site scripting (XSS) weaknesses, see PMASA-2016-64 +- issue [security] Multiple denial-of-service (DOS) vulnerabilities, see PMASA-2016-65 +- issue [security] Possible to bypass white-list protection for URL redirection, see PMASA-2016-66 +- issue [security] Multiple SQL injection vulnerabilities, see PMASA-2016-69 +- issue [security] Incorrect serialized string parsing, see PMASA-2016-70 +- issue [security] CSRF token not stripped from the URL, see PMASA-2016-71 4.0.10.17 (2016-08-16) - issue [security] Weaknesses with cookie encryption, see PMASA-2016-29 @@ -1,7 +1,7 @@ phpMyAdmin - Readme =================== -Version 4.0.10.17 +Version 4.0.10.18 A set of PHP-scripts to manage MySQL over the web. diff --git a/doc/conf.py b/doc/conf.py index a75e77b9d3..494711423c 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -49,7 +49,7 @@ copyright = u'2012 - 2013, The phpMyAdmin devel team' # built documents. # # The short X.Y version. -version = '4.0.10.17' +version = '4.0.10.18' # The full version, including alpha/beta/rc tags. release = version diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 7f16a654d2..2d98a8d8f0 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -102,7 +102,7 @@ class PMA_Config */ function checkSystem() { - $this->set('PMA_VERSION', '4.0.10.17'); + $this->set('PMA_VERSION', '4.0.10.18'); /** * @deprecated */ |