4.8.413 Dec 2018 07:25
Remove hash param in edit query URL.
in Changing theme.
Ensure that database names with '.' are handled properly when DisableIS is true.
Invisible Icon "Show Full Queries".
CSS in Designer.
Error while copying database (pma__column_info).
"No database selected" - DROP a view.
Move operation causes SELECT FROM `undefined`.
Enum '0' produces incorrect search SQL.
TypeError in database designer.
QBE selenium tests broken since merge of #13342.
When logging with cfg 'AuthLog' to syslog, successful login messages were not logged even if cfg 'AuthLogSuccess' was true.
infinite loop when sorting table rows by key.
Regression on multi table query functionality (foreign keys).
designer errors when database is empty.
designer errors when database contains special chars.
left/right icons hidden.
security Local file inclusion flaw in the Transformation feature (PMASA-2018-6).
security Multiple CSRF/XSRF vulnerabilities (PMASA-2018-7).
security XSS vulnerability in the navigation tree (PMASA-2018-8).
4.8.323 Aug 2018 03:15
Error when naming a database '0'.
NULL as default not shown.
with recent table list.
slow performance on DB structure filtering.
Editing server variable not showing save or cancel option.
Populate options for view create and edit.
FA configuration fails if PHP doesn't have GD support.
Can't unhide tables.
"Visualize GIS data" icon missing.
Event scheduler status toggle doesn't work.
View not working on multiple servers.
Partition actions in table structure do not work.
ERR_BLOCKED_BY_XSS_AUDITOR on export table.
Blank message shown instead of MySQL error when adding trigger and other locations.
PHP 7.3 warning: "continue" in "switch" is equal to "break".
Icon missing when creating a new trigger, routine, and event.
Table comment not showing since 4.8.1.
Drop table doesn't work when you copy tables to another database.
Escaped HTML in 'Add a new server' setup.
security HTML injection in import warning messages, see PMASA-2018-5.
4.8.224 Jun 2018 03:45
WHERE 0 causes Fatal error.
Missing index icon.
security XSS vulnerability in Designer, see PMASA-2018-3.
security File inclusion and remote code execution vulnerability, see PMASA-2018-4.
4.8.126 May 2018 08:25
case where the central columns attributes don't get filled in.
case where the query builder doesn't work when selected column is *.
Revert "Browse" table CSS overflow.
Dropping indexes and foreign keys fail.
Relational linking broken.
error in configuration storage zero config.
Show 2FA Secret next to QR code.
XML Export from single table throws fatal error.
Line and some other charts ignore result set order of values chosen for the x-axis.
configuration for DefaultLang and Lang.
Linking for 'Distinct values' broken.
MariaDB 10.2 current_timestamp().
for missing go button in view edit.
for with spatial fields.
Remember table's sorting broken.
central columns in-line edit - AUTO_INCREMENT error when only exporting table structure in database-level exports.
Simulating queries produces unexpected results.
Setup script icons missing.
4.8.009 Apr 2018 03:15
Allow to export JSON with unescaped unicode chars.
Disable login button without solved reCaptcha.
Allow to remove individual segments from pie charts.
Change label from "Improve table structure" to "Normalize" to match standard terminology.
Offer login as different user on access denied from MySQL.
Indicate when HTTPS is not properly reported on the server.
No database selected error when adding foreign key.
Improved database search to allow search for exact phrase match.
Report error when trying to copy database to same name.
Themes now have to contain metadata in theme.json.
phpMyAdmin no longer requires eval() in PHP.
The mbstring dependency is now optional.
Small refactoring in preparation to CSP.
Database link broken in Databases Page.
Configurable authentication logging using cfg 'AuthLog' .
Add support for Google Invisible Captcha.
Improved error reporting for reCAPTCHA.
Improved rendering of server variables table.
alignment of foreign keys editing.
Improved inline editor for JSON.
Improved layout of operations pages.
Add "format" query button in edit view form.
Implement Responsive Design/mobile interface.
Use a single location for classes under PhpMyAdmin namespace.
Indicate SSL status on main page.
Configuration directives for defaults of Transformation options.
Show MySQL warnings when executing SQL queries.
Allow Designer to show tables from other databases.
Replace Query-By-Example with multi-table query generator interface.
Add privileges export to per-database listing.
Consolidate functions into class files.
Add support for changing collation for all tables and columns in database.
Add support for creating fulltext index from table structure.
Lower default value for cfg 'MaxExactCount' .
DisableIS is not fully honored.
Added support for authentication using U2F and 2FA.
Avoid removing cookies on upgrade.
Remember state of navigat
4.7.906 Mar 2018 03:15
Browsing tables with more results.
"Not an integer" when browsing a table.
"Input variables exceeded 1000" error relating to PHP's max_input_vars directive.
4.7.823 Feb 2018 03:15
Resetting default setting values.
Fallback value for collation connection.
Error handling in PHP 7.2.
security XSS in Central Columns Feature, See PMASA-2018-01.
4.7.709 Jan 2018 08:45
displaying of formatted numeric values for some locales.
Ensure datetimepicker is always loaded for datetime fields.
PHP error when browsing certain results.
security XSRF/CSRF vulnerability, see PMASA-2017-09.
4.7.602 Dec 2017 03:15
check all interaction with filtering.
Add SJIS-win to default list of allowed charsets.
Improve detection that MySQL server needs SSL connection.
Support JSON datatype on MariaDB 10.2.7 and newer.
constructing ALTER query with AFTER.
Lock page when changes are done in the SQL editor.
Prefer iconv for encoding conversions.
changing password on MariaDB cluster.
4.7.524 Oct 2017 03:15
Avoid problems with browsing unknown query types.
Integrate tooltip into datetime pickers.
Server monitor on non Linux and Windows systems.
Reload javscript messages when changing language.
Crash on invalid ordering data.
Error when browsing non SELECT results.
Saving column to display.
Export of tables with VIRTUAL columns.
Selecting multiple rows accidentally selects the next row too.
Edit index Column alignment - rendering of add index dialog.
Possible error in server advisor.
Setting input transformations.
IPv4/IPv6 To Binary input transformation.
Clicking on column name to trigger sort with an active search leads to logout.
Copying tables with specific PARTITION definition.
Listing of bookmarks for a database.
4.7.425 Aug 2017 06:05
Remove shadow from the logo.
Per server theme feature.
Missing newline in ALTER exports.
Several compatibility with PHP 7.2.
Copy results to clipboard.
Add limitation for user group length.
Edit variable link in advisor.
Optimize table link should not be visible in print page.
Improved error handling on corrupted tables.
Rendering of add index dialog.
Refreshing server variables.
4.7.322 Jul 2017 03:15
Large multi-line query removes Export operation and blanks query box options.
Rendering of query results.
Version check when not connected to a database.
Export without backquotes.
Improved handling of uploaded files with open_basedir.
Inline editing of hex values.
Size of index edit dialog.
Rendering SQL lint errors.
Avoid breakage if set_time_limit is disabled.
Fail if ini_set/ini_get are disabled.
Automatically connect using SSL when server is configured so.
Usage of some browser transformations.
4.7.201 Jul 2017 06:25
Make theme selection keep current server.
Direct login for accounts without password.
Check for mbstring.func_overload.
Wrong encoding of table at triggers.
Natural sorting in several places.
Show warning for users removed from mysql.user table.
Improved documentation on user settings.
Gracefully handle early fatal errors in AJAX requests.
Incorrect NavigationTreeEnableExpansion default value in the documentation.
Export of database with a lot of tables.
Improved performance when importing with enabled tracking.
Avoid PHP errors with non existing configuration on OS X.
Show only supported charsets for conversion.
Operation with session.auto_start enabled.
"Create PHP code" is broken.
Links to resume timeouted import.
4.7.102 Jun 2017 03:15
Always execute tracking queries as controluser.
Focus on SQL editor after inserting field name.
Broken links in setup.
Database list Tooltips: Show wrong value.
Pagination while browsing resuls.
Outbound links in changelog.php.
Do not include devel dependencies in the release.
Do not show New as a database in database dropdown.
Handling of errors in AJAX requests.
PHP error in case of invalid table preferences.
PHP error on password change.
Refresh of Process List.
Refresh of long queries.
Improved handling of logout with disabled LoginCookieDeleteAll.
Add support for MySQL 8.0 collations.
Rendering of phpMyAdmin logos.
Properly report not working sessions.
Password check on server replication.
Grid editing time column.
Detection of Amazon RDS.
Redirect user to last page that has any tables to display.
Link to User accounts overview page.
Error in query builder.
Grid editing repeats action after error.
4.7.031 Mar 2017 03:15
patch #12233 Display Improve message when renaming database to same name.
Log authentication attempts to syslog.
Remove support for Swekey authentication.
Remove code for no longer supported MSIE versions.
Remove embedded PHP libraries, use composer to install them.
Cannot easily select multiple tables when exporting.
More compact rendering of navigation tree.
Improve performance with SkipLockedTables.
Do not hide indexes under a slider.
Improve performance of zip file import.
Removed cfg 'ThemePath' .
Add support for export user settings as config.inc.php snippet.
Better report query errors while generating SQL exports.
Produce valid JSON on export.
Setup script icons broken.
Support IPv6 proxies.
Removed MySQL connection retry without password.
Allow to specify further parameters for control connection.
Show charset for each table on Database structure page.
Incorrect link in the href of icon at Hide/Show unhide links.
Shortcut for closing console.
Improved handling of http requests.
Broken links in Setup forms Navigation.
Can't add a new User.
Add 'token' Parameter in all POST requests ('Token mismatch' errors).
Improved usage of number_format.
Server selection not working.
NULL results in dataset are colored grey.
Create Bookmark broken.
Use unsigned int for storing bookmark ID.
Added password strength indicator.
Correctly handle HTTP status when doing requests.
Add option to delete settings from browser storage.
Remove unused PMA_addJSCode function.
Add table filtering to database structure.
Allow to configure signon session parameters.
Drop database is broken.
Can't toggle Event Scheduler on.
Finish removing dead code references to xls/xlsx import and export, which was removed some time ago.
Rename "Relations" to "Relationships" in many places as it's the more proper term.
margins in central columns feature.
Document more export configuration options.
18.104.22.168 Nov 2016 05:45
Incorrect parameters to escapeString in Node.php.
PHP error when mbstring is not installed.
Don't force partition count to be specified when creating a new table.
4.6.526 Nov 2016 03:15
Remove potentionally license problematic sRGB profile.
Display read only fields as read only when editing.
expanding of navigation pane when clicking on database.
Impove partitioning support.
Reintroduced simplified PmaAbsoluteUri configuration directive.
Always use UTC time in HTTP headers.
Simplified validation of external links.
browsing tables with built in transformations.
Do not show warning about short blowfish_secret if none is set.
random logouts due to wrong cookie path.
editing of ENUM/SET/DECIMAL fields structure.
Missing escaping of configuration used in SQL (hide_db and only_db).
Add error checking in reading advisory rules file.
Add checking missing elements and confirming element types from json_decode.
Automatically save SQL query in browser local storage rather than in cookie.
Unable to edit transformations.
Remove unused paramenter when connecting to MySQLi.
number formatting with different settings of precision in PHP.
Use single quotes in PHP code.
Option for the dropped column is not removed from 'after_field' select, after the column is dropped.
Properly detect DROP DATABASE queries.
possible race condition in setting URL hash.
Remove caching of server information.
Proper parsing of INSERT... ON DUPLICATE KEY queries.
Proper parsing of CREATE TABLE... PARTITION queries.
Code can throw unhandled exception.
Do not try to keep alive session even after expiry.
rendering BBCode links in setup.
copy of table with generated columns.
export of table with generated columns.
Copying a user does not copy usergroup.
Adding a new row with default enum goes to no selection when you want to add more then 2 rows.
Drag and drop import prevents file dropping to blob column file selector on the insert tab.
Absence of scrolling makes it impossible to read longer text values in grid editing.
"Edit routine" crashes when the current user is not the definer, even if privileges are adequate.
Export selective tables by-d
4.6.418 Aug 2016 06:45
security Weaknesses with cookie encryption, see PMASA-2016-29.
security Improve session cookie code for openid.php and signon.php example files.
security Full path disclosure in openid.php and signon.php example files.
security Multiple XSS vulnerabilities, see PMASA-2016-30.
security Multiple XSS vulnerabilities, see PMASA-2016-31.
security Unsafe generation of BlowfishSecret (when not supplied by the user).
security Referrer leak when phpinfo is enabled.
security PHP code injection, see PMASA-2016-32.
security Full path disclosure, see PMASA-2016-33.
security SQL injection attack, see PMASA-2016-34.
security Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35.
security Local file exposure through symlinks with UploadDir, see PMASA-2016-36.
security Path traversal with SaveDir and UploadDir, see PMASA-2016-37.
security Multiple XSS vulnerabilities, see PMASA-2016-38.
security SQL injection vulnerability as control user, see PMASA-2016-39.
security SQL injection vulnerability, see PMASA-2016-40.
security Denial-of-service attack through transformation feature, see PMASA-2016-41.
security SQL injection vulnerability as control user, see PMASA-2016-42.
security Verify data before unserializing, see PMASA-2016-43.
security Use HTTPS for wiki links.
Remove Swekey support.
security SSRF in setup script, see PMASA-2016-44.
security Denial-of-service attack with cfg 'AllowArbitraryServer' = true and persistent connections, see PMASA-2016-45.
security Improve SSL certificate handling.
security full path disclosure in deging code.
security Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47.
security Detect if user is logged in, see PMASA-2016-48.
security Bypass URL redirection protection, see PMASA-2016-49.
security Referrer leak, see PMASA-2016-50.
security Reflected File Download, see PMASA-2016-51.
4.6.324 Jun 2016 03:15
Cookie path on Windows.
Error reporting on connect problems.
Export of tables without explicitly set engine.
MySQL SSL connection with some PHP versions.
MySQL connection error on version mismatch.
Keep user attributes (privileges, authentication mode, etc) when copying a user.
Division by zero in case of misconfigured MySQL server.
Editing server variables.
Table size calculation in some circumstances.
Listing routines for non privileged user.
Escape generated query in exporting a database.
Setup script doesn't use input type 'password' in all relevant locations.
security BBCode injection in setup script, see PMASA-2016-17.
security Cookie attribute injection attack, see PMASA-2016-18.
Redirect loop when directly calling url.php.
security SQL injection attack, see PMASA-2016-19.
security XSS attack in Table Structure page, see PMASA-2016-20.
security XSS attack in Server Privileges page, see PMASA-2016-21.
security DOS attack vulnerability, see PMASA-2016-22.
security Multiple full path disclosure vulnerabilities, see PMASA-2016-23.
security Full path disclosure when running in demode.
security XSS attack with partition range and table structure, see PMASA-2016-25.
security XSS attack when checking database privileges, see PMASA-2016-26.
security XSS attack when MySQL server is using a specific payload log_bin directive, see PMASA-2016-26.
security XSS vulnerabilities in Transformation feature, see PMASA-2016-26.
4.6.226 May 2016 03:15
security User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14.
security Self XSS vulneratbility, see PMASA-2016-16.
Use https for documentation links.
schema export with too many tables.
Avoid parsing non JSON responses as JSON.
setting mixed case languages.
Avoid storing objects in session when deging SQL.
cookie path on IIS.
occassional 200 errors on Windows.
locking when importing SQL.
Avoid confusing warning when mysql extension is missing.
Improve handling of logout.
Safer handling of sessions during authentication.
server selection on main page.
Avoid storing full error data in session.
export of ARCHIVE tables with keys.
Add session reload for config authentication.
Do not fail on errors stored in session.
loading of APC based upload progress bar.
4.6.110 May 2016 03:15
PMA_Util not found in insert_edit.lib.php.
Activation of some languages.
Error in 3NF step of normalization.
Offering JSON datatype in incompatible MySQL versions.
Can not open table with JSON field.
Cannot highlight a column if I scroll down from the top of the table.
Possible PHP error in SQL parser.
SQL quoting in SQL export.
Improve performance of database structure page.
PHP error if user did unpack new version over old one.
Parsing of expression 0.
Document setup with Google Cloud SQL.
Parsing of queries with double .
Setting of language from user configuration.
Check for ndb version.
Loading of configuration file.
Check if sessions are working and report failures.
Non-clickable initial letter for users / and can't modify users with MySQL 5.7.12.
Config tab persistence errors.
Parsing of some AS clauses.
Parsing of FULL OUTER JOIN queries.
Editing of VIEW structure.
Avoid printing executed queries on import.
4.6.0.024 Mar 2016 03:15
Disabled storage engines.
Allow setting routine wise privileges.
Hide Insert tab for non-updatable views.
UI for defining partitioning in create table window.
Support JSON data type.
Editing partitions in table Structure.
Tracking does not make sense for information_schema.
Regression in Find and replace.
TokuDB Tables Show Size as "unknown".
Use a slider for Internal relations.
Ability to disable the navigationhiding Feature.
Restrict configuration NavigationTreeDbSeparator to strings.
Disable the tooltip in the navigation panel's filter box.
Copy results to clipboard.
Reactivate cut paste possibility in print view.
Extraneous message after edit + grid-edit.
Table header is empty with browsing an empty table.
Allow changing parameter order of routines.
Remove no password warning.
Clarify the meaning of "Stand-in structure for view" in SQL export.
HTML line break shown after a MySQL connection error message.
CSV import skip row count after.
displaying of SQL query on table operations.
Display binary strings as text if they are valid UTF-8.
Display routine specific privileges.
Copy multiple tables to database.
Support Cloudflare Flexible SSL.
Handle empty TABLE_COMMENT.
Drop support for old Internet Explorer versions.
Use modals for displaying forms in db structure page.
Show MySQL error messages in user language.
Add 'ssl_verify' configuration directive for self-signed certificates with mysqlnd and PHP = 5.6.
Show more used PHP extensions.
Report when version check and error reporting are disabled.
PDF schema export.
Remove ForceSSL configuration directive.
Remove support for Mozilla Prism.
Remove PmaAbsoluteUri configuration directive.
autoloading of phpseclib.
rendering of missing extension error.
Errors on Structure tab when user only has select access on certain columns.
Missing documentation for cfg 'Servers' i 'favorite' and cfg 'NumFavoriteTables
22.214.171.124 Mar 2016 00:45
CREATE UNIQUE INDEX index type is not recognized by parser.
Row count wrong when grouping joined tables.
Column definition with default value and comment in CREATE TABLE expoerted faulty.
New statement but no delimiter and unexpected token with REPLACE.
incorrect usage of SQL parser context in SQL export.
security XSS vulnerability in SQL parser, see PMASA-2016-10.
security Multiple XSS vulnerabilities, see PMASA-2016-11.
security Multiple XSS vulnerabilities, see PMASA-2016-12.
security Vulnerability allowing man-in-the-middle attack on API call to GitHub, see PMASA-2016-13.
inclusion of gettext library from SQL parser.
4.5.5.025 Feb 2016 09:05
Undefined index: is_ajax_request.
password change on MariaDB 10.1 and newer.
Validate version information before further processing it.
Full processlist lost on refresh.
Adjust privileges fails if database name contains underscores.
'Loading...' banner shows on login screen.
changing of table parameters, eg. AUTO_INCREMENT.
Call to undefined function SqlParser ctype_alnum().
.5.3.1 - NOW() function not recognized by parser.
Gracefully handle the DESC statement.
Fractional timestamp causes corrupted SQL export.
Static analysis error for valid WHERE condition with IF keyword.
Syntax Verifier error using REGEXP in SQL statement.
Backslashes in comments are being interpreted as escape characters.
Can't insert row into table that contains generated column.
sql-parser and php-gettext collide.
Can't disable backquotes in export.
Inserts via tbl_change.php in VARBINARY columns does not allow using HEX() and MD5().
Correct content type for uploaded error reports.
Silent errors from checking local documentation.
error on servers with disabled php_uname.
Correctly store and report file upload errors.
PHP warning on configuration errors.
Silent errors on checking for writable folders.
Silent warning on invalid file upload.
Do not fail getting filename with open_basedir limitations.
unrecognized keyword interval.
Field names and aliases are being correctly parsed now.
Undefined index: TABLE_COMMENT in database structure page.
PHP error on loading invalid XML or ODS file.
Missing confirmation while dropping a view in view_operations.php.
export of index comments in SQL.
DECLARE not accepted as valid SQL.
4.5.4.029 Jan 2016 14:05
live data edit of big sets is not working.
Table list not saved in db QBE bookmarked search.
While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword.
Properly handle errors in upacking zip archive.
Set PHP's internal encoding to UTF-8.
Kanji encoding in some specific cases.
Check whether iconv works before using it.
Avoid conversion of MySQL error messages.
Undefined index: parameters.
Undefined index: field_name_orig.
Undefined index: host.
'Add to central columns' (per column button) does nothing.
SQL duplicate entry error trying to INSERT in designer_settings table.
handling of databases with dot in a name.
hiding of page content behind menu.
FROM clause not generated after loading search bookmark.
creating/editing VIEW with DEFINER containing special chars.
Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables.
Misleading message for configuration storage.
Table pagination does nothing when session expired.
Index comments not working properly.
Better handle local storage errors.
Improve detection of privileges for privilege adjusting.
Undefined property: stdClass:: releases at version check when disabled in config.
SQL comment and variable stripped from bookmark on save.
Security Multiple full path disclosure vulnerabilities, see PMASA-2016-1.
Security Unsafe generation of CSRF token, see PMASA-2016-2.
Security Multiple XSS vulnerabilities, see PMASA-2016-3.
Security Unsafe comparison of CSRF token, see PMASA-2016-5.
Security Multiple full path disclosure vulnerabilities, see PMASA-2016-6.
Security XSS vulnerability in normalization page, see PMASA-2016-7.
Security Full path disclosure vulnerability in SQL parser, see PMASA-2016-8.
Security XSS vulnerabili
4.5.3.024 Dec 2015 06:25
Incomplete results of UNION ALL.
MATCH AGAINST keywords not recognized.
syntax verifier is not knowing "STRAIGHT_JOIN".
REPLACE() function confused with REPLACE statement.
FLUSH word not recognized by parser.
Online syntax verifier - "IF" on SELECT statement.
Format breaks query with COUNT().
Undefinex index: SendErrorReports.
Incorrect script name in include.
Warning: Invalid argument supplied for foreach().
Delimiter missing while exporting multiple db routines.
mysql_native_password with MariaDB - Flush privileges overusage - related to #11597.
Query was empty on creating User in 4.5.2.
Cannot create user on Percona Server.
Properly report error on connecting.
Database export template not saving compression option.
single quote export for servers in ANSI_QUOTES mode.
Avoid duplicite fetching of table information.
Temporary for live data edit of big sets is not working.
IE 8 compatibility in console.
Exporting feature does not work with union table.
Cannot export results of some queries.
Message "An account already exists..." incorrectly displayed.
Missing quoting of table in ALTER CONVERT query.
PMA 4.5.2 breaks MySQL Master-Master Cluster.
Export and preview show different SQL for character set.
possible undefined variables in table operations.
4.5.2.024 Nov 2015 06:45
Incorrect parameter in mysqli_fetch_fields().
Missing headers in zipped export.
Parser: Array to string conversion.
Huge binary log growth on 4.5.x.
'only_db' config option when db names contain underscore and are grouped.
Unable to change password from Login information tab.
Undefined variable: res_rel.
Warning while exporting schema to PDF.
Undefined index: new_row_format.
Changing hostname kills password.
Undefined variable: db.
CREATE TABLE/INSERT INTO executed twice (ctrl+enter).
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given.
Exporting GIS visualization ignores start and row count.
Errors instead of git info when PHP has no gzip support.
CodeMirror tooltip shows below modal window.
with the MainBackground Color.
Profiling checkbox is missing.
Properly handle session expiry after POST requests.
Notice in./export.php#214 Undefined index: quick_or_custom.
Sql not executed properly.
Linter warnings when creating new user.
wrong row count for query results.
Analyzer doesn't recognize GRANT statements.
Parser warnings (subqueries).
Collation column is empty in table Structure.
Error changing table's column encoding.
4.5.1.024 Oct 2015 07:05
Invalid argument supplied for foreach().
array_key_exists() expects parameter 2 to be array.
Notice Undefined index: drop_database.
Server variable edition in ANSI_QUOTES sql_mode: losing current value.
Propose table structure broken.
phpMyAdmin suggests upgrading to newer version not usable on that system.
'PMA_Microhistory' is undefined.
Incorrect definition for getTablesWhenOpen().
Error when creating new user on MariaDB 10.0.21.
Notice on htmlspecialchars().
Notice in Structure page of views.
AUTO_INCREMENT always exported when IF NOT EXISTS is on.
Some partitions are missing in copied table.
Notice of undefined variable when performing SHOW CREATE.
Error exporting sql query results with table alias.
SQL editing window does not recognise 'OUTER' keyword in 'LEFT OUTER JOIN'.
"NOT IN" clause not recognized (MySQL 5.6 and 5.7).
Yellow star does not change in database Structure after add/remove from favorites.
Invalid SQL in table definition when exporting table.
Foreign key to other database's tables fails.
while exporting results when a joined table field name is in SELECT query.
Strange behavior on table rename.
Rename table does not result in refresh in left panel.
Missing arguments for PMA_Table::generateAlter().
Notices about undefined indexes on structure pages of information_schema tables.
Change minimum PHP version for Composer.
Import parser and backslash.
"Visualize GIS data" seems to be broken.
Confirm box on "Reset slave" option.
cookies clearing on version change.
Cannot execute SQL with subquery.
Incorrect syntax creating a user using mysql_native_password with MariaDB.
Cannot use third party auth plugins.
4.4.15.021 Sep 2015 16:45
Undefined "replace" function on numeric scalar.
Stored-proc / routine - broken parameter parsing.
Missing name for configuration read_as_multibytes.
Incorrect "No row selected" message.
MySQL 5.5 and the language system variable.
Semantics of export and import icons are mixed up.
Designer-in move.js on multiple server configuration.
Invalid UTF-8 sequence in argument.
Request URI too large.
Invalid argument supplied for foreach().
Foreign key constraints for InnoDB tables with upper-case letters disabled.
Warning when entering Query page.
4.4.14.021 Aug 2015 10:45
Export after search, missing WHERE clause.
Incomplete message after import.
Incorrect scalar type declaration (reported under PHP 7).
ReCaptcha produces deprecated messages under PHP 7.
phpseclib 2.0 produces deprecated messages on PHP 7.
"Switch to copied table" doesn't work.
Missing quotes after calling "distinct values".
Cannot import database with long data in one column.
SPATIAL index option is not clickable.
4.4.13.008 Aug 2015 07:25
"Improve table structure" generates invalid SQL.
issue Once checked "Show only active" checkbox is always checked.
Delete rows using "Check All" is broken.
issue Fix PHP 7 possible binding ambiguity.
Exported schema includes all the tables of the database.
Results not displayed if query ends in delimiter and comment.
Live edit of data fields is not working always.
issue Table list in navigation collapses when entering into a table in another page.
JS error while trying to auto navigate to db structure page when db creation has failed.
4.4.12.022 Jul 2015 08:25
Saved chart image did not have a proper name or an extension.
Timepicker CSS issues in Original theme.
Move/Copy/Rename operations on Table/Db fail on Drizzle server.
Two inline edit windows.
Problem when import *.ods file.
Add missing head tag.
Column headers move when scrolling.
4.4.11.007 Jul 2015 22:05
bug Missing selected/entered values when editing active options in visual query builder.
Autoload from prefs_storage not behaving properly.
Incorrect length computed for binary data.
bug Remove character set from create_tables_drizzle.sql.
Users overview needs clarification.
Creating a database from console doesn't update navigation panel.
FAQ 1.17 needs an update.
4.4.10.018 Jun 2015 15:45
Issues in database selection for replication.
Trying to save chart as image crashes the browser.
cant drag sql.gz file onto import input.
Table creation results in GET request with missing server parameter that invalidates the session.
Insert by foreign key scrolls page to top.
Clicking on the navi logo does not always work.
4.4.9.005 Jun 2015 13:25
relation view doesn't list fields of table in other database.
Sorting by an alias.
False error before entering reCAPTCHA.
central column with multiple server.
Custom export with backquotes off is not working.
Reverse proxy: infinite internal redirect (added warning in doc).
Export to gzip saves plain text under Chrome.
4.4.8.029 May 2015 03:16
bug Allow accessing visual query builder when pmadb is not configured.
Nav tree line alignment issue.
Lock page icon is not shown after fresh reload.
"Highlight pointer" and "Row marker" doesn't work properly.
bug Browse foreigners window goes out of the window.
Date field popup dialog position bug.
bug In /setup, PMA_messages is not defined.
Database copy doesn't work for tables with more than one FULLTEXT index.
Edit view structure doesn't load the algorithm.
Do not limit table comments to 60 characters.
4.4.7.018 May 2015 03:16
Settings issues (Favorite tables shown twice in Settings).
Non-styled error page when following results link.
Deleting without confirmation.
Issues with SQL autocomplete.
Column hint in SQL autocomplete is sometimes not shown.
JS error after selecting a field and press Enter.
bug Honor proxy settings when getting Git commit information.
bug Missing title on link.
ForceSSL Redirect Check.
bug Undefined index collation_connection.
bug Error when the reporting server is down.
bug Escape database and table names for partition maintenance.
bug Invalid value for CURLOPT_SSL_VERIFYPEER.
Import status infinite loop.
Designer: Loading does not work.
Setup: Overview Display does not work.
Designer: pages from all databases.
4.4.6.010 May 2015 03:45
webkitStorageInfo and webkitIndexedDB is deprecated.
Undefined variable: unique_conditions.
CSV Import ignores "Replace table data with file" checkbox.
4.4.5.006 May 2015 20:05
Table overhead stats: missing space before the unit.
Fix resize icon in Designer.
Exit fullscreen in Designer does not change the button text.
Designer icons missing when using original theme.
Column list of central columns is not cleared.
jQuery dialogs of the Designer are not displayed in fullscreen.
Search function breaks when searching for certain combinations of backslashes and slashes.
Maximum execution time exceeded in Util.class.php (better fix).
Some icons are above the overlay of jQuery dialogs.
Clicking on external links in advisor rules give JS error.
Filter in central columns does not work in other languages.
4.4.4.028 Apr 2015 02:45
Don't scroll (to bottom) when editing multiple rows.
Misaligned Inline edit field.
Use of undefined constant PMA_DRIZZLE.
sprintf(): Too few arguments.
Limit column ordering in index edit dialog.
Incorrect ALTER TABLE statement generated.
Inconsistency in 'Ignore' checkbox in insert page.
Drop column action not asking to confirm.
Error on creating table.
Bugfux for Undefined index: Rows.
4.4.3.021 Apr 2015 14:05
PHP errors in login dialogue.
json_encode error due to strftime returning non utf8 chars in Windows 8.1 Chinese version.
White screen (Cloudflare).
Server error viewing table content.
bug Fix issues related to number of decimal places in time.
Relation view between 1600 and 1780 px.
bug PHP 7 compatibility in php-gettext.
bug PHP 7 compatibility in bfShapeFiles.
bug PHP 7 session_regenerate_id() warning.
Alter table after changing column name error.
Maximum execution time exceeded in Util.class.php.
4.4.1.008 Apr 2015 13:05
Fixed changing the password for another user.
Request URI too large.
MySQL 5.7.6 and Databases:
Use 'server' parameter in console to work in multi server environments.
Missing tooltip in monitor.
Missing sort icons in monitor.
Inline edit broken when using functions in query.
Timed-out import fails to restart when file represented.
pMA DB not detected properly.
Datepicker missing when changing number of rows on Insert page.
INNODB STATUS page is empty.
TEXT formatting doesn't work after inline editing.
Compress when php.ini output_buffering is active.
Sorting distinct values result loses links.
Do not attach token to css requests to improve caching.
4.4.0.003 Apr 2015 03:16
rfe InnoDB presently supports one FULLTEXT index creation at a time.
rfe Allow tracking multiple table at once from database level tracking page.
rfe Improve action message on Tracking page.
rfe Change value of "Number of rows:" when "Show all" is checked.
rfe Focus console by clicking on white space.
rfe Part 1: Cycle through console history with keyboard up/down arrows.
rfe Default to primary key when adding relation.
rfe User prefs: Diff-friendly JSON for config.
rfe Sever Variables Table UI Improvements.
phpMyAdmin should be able to work without 'examples' DIR - move SQL scripts to sql directory.
rfe Warn about reserved word only when a column is created.
rfe Recaptcha API v2.
rfe Individual Zeroconf PMA tables support.
rfe Generate keys one per line.
rfe allow table with transformed column anywhere in FROM clause.
rfe Shortcut link to search page.
rfe Fold Add Column After / Before into dropdown.
Table structure: adding primary key doesn't refresh page.
rfe SQL formatter.
rfe Fast filter improvement: remove "x other results found".
No error message on Missing extension mbstring.
rfe Builtin transformations and relations.
rfe USING BTREE support for HEAP/MEMORY tables.
rfe Make "Options Relational" configurable.
rfe More details in PDF relation view.
rfe Cannot enter connection for federated engine table.
rfe Allow SALT in ENCRYPT function.
rfe Setting LoginCookieValidity session.gc_maxlifetime.
rfe Transformation for JSON.
bug Fix isCanvasSupported for new window.
rfe Clarify the "Inline" link.
rfe Speed up slow triggers by using EVENT_OBJECT_SCHEMA.
rfe ON DUPLICATE KEY UPDATE for loading CSV.
bug Cannot execute command from console (multi-server installation).
rfe linking from information_schema.
rfe Relation view: move to main "Structure" page.
rfe Designer menu with explicit text.
rfe Relations with views like with tables.
rfe Browse Field - Search.
rfe Provide sanity check for table/column
4.3.13.030 Mar 2015 19:25
"Show hidden items" is sometimes hidden.
Breaks when sorting by multiple columns while using UNION.
Missing column when exporting in sql.
Broken find and replace.
Undefined Index after export schema.
Changelog page is not working.
Infinite calls to index.php.
Invalid links to dev.mysql.com.
simulate query fails, but actual query does not.
4.3.12.015 Mar 2015 06:25
bug #4746 Right-aligned columns have left-aligned header
bug #4779 PMA_Util::parseEnumSetValues fails on enums with UTF-8 values
bug Undefined index savedsearcheswork
bug #4788 Inline edit of DATE fields with NULL, NULL checkbox is under datepicker
bug #4790 DROP TABLE/VIEW IF EXISTS are not tracked
bug Compatibility with central columns of version 4.4
bug #4758 Firefox with auth_type to http with multiple server doesn't work anymore
bug #4789 Views aren't dropped when copying a database
bug #4784 Incomplete bookmark saving
bug #4786 SELECT width on relations page
126.96.36.199 Mar 2015 19:25
Risk of BREACH attack, see PMASA-2015-1
4.3.11.003 Mar 2015 20:05
SQL links are completely wrong.
MariaDB: version mismatch.
Some images are missing in Designer for original theme.
Drizzle: undefined index in mysql_charsets.inc.php.
Normal field and multi-line field have different margins.
Cannot re-import settings from local storage.
SQL error when database list is sorted by additional columns.
Notice when timestamp column does not have default value.
4.3.10.021 Feb 2015 04:05
bug Undefined index navwork
bug #4744 Opening console scroll down the page
bug Remove extra column heading in view structure page
bug Add missing confirmation when deleting central columns
bug Undefined index DisableIS
bug #4763 Database export with more than 512 tables fails
bug #4769 Previously set column aliases are destroyed if returned to the same table
bug #4752 Incorrect page after creating table
bug #4771 Central Columns not working, showing error
4.3.9.006 Feb 2015 03:17
bug #4728 Incorrect headings in routine editor
bug #4730 Notice while browsing tables when phpmyadmin pma database exists, but not all the tables
bug #4729 Display original field when using "Relational display column" option and display column is empty
bug #4734 Default values for binary fields do not support binary values
bug #4736 Changing display options breaks query highlighting
bug Undefined index submit_type
bug #4738 Header lose align when scrolling in Firefox
bug #4741 in ./libraries/Advisor.class.php#184 vsprintf: Too few arguments
bug #4743 Unable to move cursor with keyboard in filter rows box
bug Incorrect link in doc
bug #4745 Tracking does not handle views properly
bug #4706 Schema export doesn't handle dots in db/table name
bug #3935 Table Header not displayed correct
bug #4750 Disable renaming referenced columns
bug #4748 Column name center-aligned instead of left-aligned in Relations
4.3.8.025 Jan 2015 07:05
bug Undefined constant PMA_DRIZZLE
bug #4712 Wrongly positioned date-picker while Grid-Editing
bug #4714 Forced ORDER BY for own sql statements
bug #4721 Undefined property: stdClass:: version
bug #4719 'only_db' not working
bug #4700 Error text: Internal Server Error
bug #4722 Incorrect width table summary when favorite tables is disabled
bug #4716 Collapse all in navigation panel is sometimes broken
bug #4724 Cannot navigate in filtered table list
bug #4717 Database navigation menu broken when resolution/screen is changing
bug #4727 Collation column missing in database list when DisableIS is true
bug Undefined index central_columnswork
bug Undefined index favorite_tables
4.3.7.016 Jan 2015 04:25
bug #4694 js error on marking table as favorite in Safari
bug #4695 Changing cfg doesn't update link and title
bug Undefined index menuswork
bug Undefined index navwork
bug Undefined index central_columnswork
bug #4697 Server Status refresh not behaving as expected
bug Null argument in array_multisort
bug #4699 Navigation panel should not hide icons based on 'TableNavigationLinksMode'
bug #4703 Unsaved schema page exported as pdf.pdf
bug #4707 Call to undefined method PMA_Schema_PDF::dieSchema
bug #4702 URL is non RFC-2396 compatible in get_scripts.js.php
4.3.6.008 Jan 2015 08:05
bug Undefined index notices while configuring recent and favorite tables
bug #4687 Designer breaks without configuration storage
bug #4686 Select elements flicker and selects something else
bug #4689 Setup tool creates "pma__favorites" incorrectly
bug #4685 Call to a member function isUserType on a non-object
bug #4691 Do not include console when no server is selected
bug #4688 File permissions in archive
4.3.4.030 Dec 2014 03:25
bug #4653 Always connection error was shown, on /setup at tab "configuration storage"
bug #4661 Drag and drop file import always fails
bug #4651 don't open console with esc
bug #4664 select min displays 1 row, but reports the table amount of rows returned
bug #4666 Undefined indexes in table stucture print view of a view
bug #4663 Export missing back ticks for order table name
bug #4668 Remove from central columns error
bug #4670 CSV import reads both commas and values into first column after first row
bug #4642 phpmyadmin often fails to load due to specific load order
bug #4671 Unable to move all columns
bug #4645 Import of export created with mysqldump
bug #4672 "Distinct values" does not page
bug #4667 Consistency in borders
bug #4658 Illegal string offset
bug #4655 Undefined index: collation_connection
bug #4673 Delimiter causing page lock
4.3.3.022 Dec 2014 03:15
bug The "Recently used tables" setting should be with Nav panel
bug #4647 Can't disable Favorites
bug #4646 Version Check Broken
bug #4630 AJAX request infinite loop
bug #4649 Attributes field size smaller than others
bug #4622 Cannot remove table ordering on a Mac
bug Fix initial replication configuration
bug Undefined index central_columnswork
bug #4657 Don't have default blowfish_secret
bug #4656 Some error popups fade away too quickly
bug #4648 Consistency in borders
bug cfg no longer necessary
bug #4659 Leading and trailing whitespace in column name
4.3.2.012 Dec 2014 13:45
bug #4628 PHP error while exporting schema as PDF
bug #4631 Server selector submits two server parameter values
bug #4629 Problem with custom SQL queries using cookie authentication
bug Undefined index central_columnswork
bug #4632 Notice in ./libraries/Util.class.php#1916 Undefined index: query
bug #4633 Wrong parameter in fetchValue
bug #4634 Error reporting creates an infinite loop
bug #4635 Token mismatch while creating configuration storage
bug #4640 Incorrect reference to PHP 6
bug #3794 failure to handle repeating empty columns when importing ODS
bug #4638 Default Export Method setting broken
bug #4639 Export SQL missing indentation first field
bug #4637 Field Alignment
bug #4644 Error when browsing tables
4.3.1.009 Dec 2014 03:15
bug #4609 'Show all' checkbox label is not clickable
bug #4610 JS error reporting: Hash fragment is reset
bug Undefined index menuswork
bug #4614 Separator between "Show All" and "Number of rows" disappears
bug #4615 SQL highlighting in process list breaks on auto refresh
bug #4616 Warning in db structure print view page
bug Undefined index navwork, savedsearcheswork, fields
bug #4620 Undefined index while adding to the central columns list
bug #4618 Page scrolls while GIS visualization is zoomed in/out with mousewheel
bug #4613 HHVM: method 'ob_gzhandler' not found
bug #4593 Manual "SELECT" doesn't change active table
bug #4623 Incomplete PHP OpenSSL support
bug #4626 Ctrl + click on a column not in sort triggers a server call to erroneous url
bug #4625 "Insufficient space to save the file" on export SQL to file on server
bug #4627 "file_get_contents: failed to open stream" after update
bug #4617 UI issues with sortable tables
bug #4619 SELECT LENGTH FROM `table` does not sort
4.2.13.001 Dec 2014 07:45
bug #4604 Query history not being deleted
bug #4057 db/table query string parameters no longer work
bug #4605 Unseen messages in tracking
bug #4606 Tracking report export as SQL dump does not work
bug #4607 Syntax error during db_copy operation
bug #4608 SELECT permission issues with relations and restricted access
4.2.12.021 Nov 2014 03:15
bug #4577 Multi row actions cause full page reloads
bug ReferenceError: targeturl is not defined
bug Incorrect text/icon display in Tracking report
bug #4404 Recordset return from procedure display nothing
bug #4584 Edit dialog for routines is too long for smaller displays
bug #4576 Issue with long comments on table columns
bug #4599 Input field unnecessarily selected on focus
bug #4602 Exporting selected rows exports all rows of the query
bug #4444 No insert statement produced in SQL export for queries with alias
bug #4603 Field disabled when internal relations used
bug #4596 XSS through exception stack
bug #4595 Path traversal can lead to leakage of line count
bug #4578 XSS vulnerability in table print view
bug #4579 XSS vulnerability in zoom search page
bug #4594 Path traversal in file inclusion of GIS factory
bug #4598 XSS in multi submit
bug #4597 XSS through pma_fontsize cookie
4.2.11.001 Nov 2014 03:15
bug ReferenceError: Table_onover is not defined
bug #4552 Incorrect routines display for database due to case insensitive checks
bug #4259 reCaptcha sound session expired problem
bug #4557 PHP fatal error, undefined function __
bug #4568 Date displayed incorrectly when charting a timeline
bug #4571 Database Privileges link does not work
bug makegrid.js: where_clause is undefined
bug #4572 missing trailing slash
188.8.131.52 Oct 2014 03:15
bug #4562 XSS in debug SQL output
bug #4563 XSS in monitor query analyzer
4.2.10.012 Oct 2014 03:16
bug #4361 Can't change font size
bug #4542 Tab key in column name not shown
bug PDF export: title not present in PDF
bug #4543 Changing column name can break saved "order by" clause
bug #4545 trying to favorite table while browser localStorage is disabled throws JS error
bug #4259 reCaptcha sound session expired problem
bug #4548 Inline editing a field converts tab to spaces
bug #4252 Database-level permission bug for db names containing underscores
bug #3120 Events are not exported when using xml
bug #4554 Grid-editing timestamp column forces datepicker
bug #4556 Fast filters for tables, views etc. should be governed by NavigationTreeDisplayItemFilterMinimum
184.108.40.206 Oct 2014 20:11
Security: XSS vulnerabilities in table search and table structure pages
4.2.9.021 Sep 2014 03:15
bug ajax.js responseHandler: cannot read property of null
bug sql.js: str is undefined
bug #4524 Allow for direct selection of "0" on the "user overview" page
bug #4529 Undefined index: pos
bug #4523 tbl_change.js: insert as new row submit type on multiple selected records does not set all AUTO_INCREMENTs to 0 value
bug ajax.js responseHandler: another "cannot read property"
bug tbl_structure.js "cannot read property"
220.127.116.11 Sep 2014 23:49
DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions
4.2.8.031 Aug 2014 23:09
This bug fix corrects some odd export behavior, an uncaught TypeError, sql.js/server_privileges.js/functions.js property accesses, chart types did not match selected data, ignored AUTO_INCREMENT option and partitioned table in exports, duplicate column names while assigning index, import ODS files with trailing spaces in column names, navigation error in search results.
18.104.22.168 Aug 2014 22:36
XSS in table browse page. Self-XSS in enum value editor. Self-XSSes in monitor. Self-XSS in query charts. XSS in view operations page. XSS in relation view.