From 8783113cec408ad9a81f17e3a97db6c4732e6164 Mon Sep 17 00:00:00 2001
From: Isaac Bennetch
Date: Thu, 24 Nov 2016 10:54:44 -0500
Subject: 4.0.10.18 release and ChangeLog
Signed-off-by: Isaac Bennetch
---
 ChangeLog | 14 +++++++++++++-
 README | 2 +-
 doc/conf.py | 2 +-
 libraries/Config.class.php | 2 +-
 4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9b94e47eb6..73a5605f6b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,20 @@
 phpMyAdmin - ChangeLog
 ======================
-4.0.10.18 (not yet released)
+4.0.10.18 (2016-11-24)
 - issue #12485 Do not show warning about short blowfish_secret if none is set
+- issue [security] Open redirection issue, see PMASA-2016-57
+- issue [security] Unsafe generation of $cfg['blowfish_secret'], see PMASA-2016-58
+- issue [security] phpMyAdmin's phpinfo functionality is removed, see PMASA-2016-59
+- issue [security] AllowRoot and allow/deny rule bypass with specially-crafted username, see PMASA-2016-60
+- issue [security] Username matching weaknesses with allow/deny rules, see PMASA-2016-61
+- issue [security] Full path disclosure (FPD) weaknesses, see PMASA-2016-63
+- issue [security] Multiple cross-site scripting (XSS) weaknesses, see PMASA-2016-64
+- issue [security] Multiple denial-of-service (DOS) vulnerabilities, see PMASA-2016-65
+- issue [security] Possible to bypass white-list protection for URL redirection, see PMASA-2016-66
+- issue [security] Multiple SQL injection vulnerabilities, see PMASA-2016-69
+- issue [security] Incorrect serialized string parsing, see PMASA-2016-70
+- issue [security] CSRF token not stripped from the URL, see PMASA-2016-71
 4.0.10.17 (2016-08-16)
 - issue [security] Weaknesses with cookie encryption, see PMASA-2016-29
diff --git a/README b/README
index b8aed22e16..74edb101c5 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 phpMyAdmin - Readme
 ===================
-Version 4.0.10.17
+Version 4.0.10.18
 A set of PHP-scripts to manage MySQL over the web.
diff --git a/doc/conf.py b/doc/conf.py
index a75e77b9d3..494711423c 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -49,7 +49,7 @@ copyright = u'2012 - 2013, The phpMyAdmin devel team'
 # built documents.
 #
 # The short X.Y version.
-version = '4.0.10.17'
+version = '4.0.10.18'
 # The full version, including alpha/beta/rc tags.
 release = version
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index 7f16a654d2..2d98a8d8f0 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -102,7 +102,7 @@ class PMA_Config
 */
 function checkSystem()
 {
- $this->set('PMA_VERSION', '4.0.10.17');
+ $this->set('PMA_VERSION', '4.0.10.18');
 /**
 * @deprecated
 */
-- 
cgit v1.2.3