Upstream announcement:

Welcome to phpMyAdmin 4.9.1, a bugfix release.

This is a regularly-schedule bugfix release that also includes some security hardening measures.

We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for this has been in our release queue to be part of this release, however it is the opinion of the team that the reported attack vector did not justify a separate release.

This release includes fixes for many bugs, including:

• Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 and newer
• Compatibility issues with PHP 8
• Export of GIS visualization
• Enhanced descriptions for several collation types
• Creating a user with a single quote in the password string
• Unexpected quotes during import and export on text fields
• Improvements to adding new tables to Designer
• Fix an issue where an authenticated user could trigger heavy traffic between the database server and web server
• Fix a weakness where an attacker, under certain conditions, working at the same time as an administrator is using the setup script, could delete a server from the setup script

There are many, many more bug fixes thanks to the efforts of our developers, Google Summer of Code applicants, and other contributors.

The phpMyAdmin team