stable

phpMyAdmin-5.2.2-1.fc40

FEDORA-2025-c17ef0f176 created by remi a year ago for Fedora 40

phpMyAdmin 5.2.2 is released

Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below.

  • fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krög)
  • fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to bluebird)
  • fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent contributor Kamil Tekiela)
  • fix possible security issue with library code slim/psr7 (CVE-2023-30536)
  • fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3)
  • fix a full path disclosure in the Monitoring tab
  • issue #18268 Fix UI issue the theme manager is disabled
  • issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
  • issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
  • issue #18106 Fix renaming database with a view
  • issue #18120 Fix bug with numerical tables during renaming database
  • issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0
  • issue #18258 Speed improvements when exporting a database
  • issue #18769 Improved collations support for MariaDB 10.10

There are many, many more fixes that you can see in the ChangeLog file included with this release or online

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-c17ef0f176

This update has been submitted for testing by remi.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

remi edited this update.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please log in to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
approved
a year ago
Builds
1
phpMyAdmin-5.2.2-1.fc40
BZ#2328680 CVE-2023-44270 phpMyAdmin: Improper input validation in PostCSS [fedora-40]
0
0
BZ#2331101 CVE-2024-55565 phpMyAdmin: nanoid mishandles non-integer values [fedora-40]
0
0
BZ#2334290 CVE-2024-56522 phpMyAdmin: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-40]
0
0
BZ#2334295 CVE-2024-56519 phpMyAdmin: setSVGStyles does not sanitize the SVG font-family attribute [fedora-40]
0
0
BZ#2334299 CVE-2024-56521 phpMyAdmin: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-40]
0
0
BZ#2334343 CVE-2024-56527 phpMyAdmin: Error function lacks an htmlspecialchars call for the error message. [fedora-40]
0
0
phpMyAdmin-5.2.2-1.fc40

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-17-grt8c.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy