phpMyAdmin 歷史舊版本 Page3

更新時間：2020-10-11
更新細節：

What's new in this version:

First the security fixes:
- PMASA-2020-5 XSS vulnerability with transformation feature
- PMASA-2020-6 SQL injection vulnerability with the search feature

Next a few of the key bugfixes included with this release:
- Fix an error message about htmlspecialchars() when attempting to export XML
- Support double tapping to edit on mobile
- Fix the error message "Use of undefined constant MYSQLI_TYPE_JSON" when using mysqlnd
- Fix fatal JS error on index creation after using Enter key to submit the form
- Fix "axis-order" to swap latitude and longitude on MySQL 8.1 or newer
- Fix an error when overwriting an existing query bookmark
- Fix some warnings that appear with PHP 8
- Fix alter user privileges query when editing an account with MySQL 8.0.11 and newer
- Fix issues regarding TIMESTAMP columns with default CURRENT_TIMESTAMP in MySQL 8.0.13 and newer
- Fix a message that "Warning: error_reporting() has been disabled for security reasons" on php 7.x

更新時間：2020-10-11
更新細節：

What's new in this version:

- Solved an issue that alert sound cannot be played at the end of a break
- Solved an issue that the color temperature cannot be restored to normal after uninstall
- Forced mode does not allow the timer to be paused
- Solved an issue that the monitor will return to the original color temperature when waking up from the power-saving mode

更新時間：2020-10-11
更新細節：

What's new in this version:

New features:
- On platforms using configure option --with-internal-tzcode, additional values "internal" and (on macOS only) "macOS" are accepted for the environment variable TZDIR. (See ?TZDIR.)
- On macOS, "macOS" is used by default if the system timezone database is a newer version than that in the R installation.
- When install.packages(type = "source") fails to find a package in a repository it mentions package versions which are excluded by their R version requirement and links to hints on why a package might not be found.
- The default value for options("timeout") can be set from enviromnent variable R_DEFAULT_INTERNET_TIMEOUT, still defaulting to 60 (seconds) if that is not set or invalid.
- This may be needed when child R processes are doing downloads, for example during the installation of source packages which download jars or other forms of data.

Link-time optimization on a unix-alike:
- There is now support for parallelized Link-Time Optimization (LTO) with GCC and for ‘thin’ LTO with clang via setting the LTO macro.
- There is support for setting a different LTO flag for the Fortran compiler, including to empty when mixing clang and gfortran (as on macOS). See file ‘config.site’.
- There is a new LTO_LD macro to set linker options for LTO compilation, for example to select an alternative linker or to parallelize thin LTO.

Deprecated and defunct:
- The LINPACK argument to chol.default(), chol2inv(), solve.default() and svd() has been defunct since R 3.1.0. Using it now gives a warning which will become an error in R 4.1.0.

Bug fixes:
- The code mitigating stack overflow with PCRE regexps on very long strings is enabled for PCRE2 < 10.30 also when JIT is enabled, since stack overflows have been seen in that case.
- Fix to correctly show the group labels in dotchart() (which where lost in the ylab improvement for R 4.0.0).
- addmargins(*, ..) now also works when fn() is a local function, thanks to bug report and patch PR#17124 from Alex Bertram.
- rank(x) and hence sort(x) now work when x is an object (as per is.object(x)) of type "raw" and provides a valid `[` method, e.g., for gmp::as.bigz(.) numbers.
- chisq.test(*, simulate.p.value=TRUE) and r2dtable() now work correctly for large table entries (in the millions). Reported by Sebastian Meyer and investigated by more helpers in PR#16184.
- Low-level socket read/write operations have been fixed to correctly signal communication errors. Previously, such errors could lead to a segfault due to invalid memory access. Reported and debuggedin PR#17850.
- quantile(x, pr) works more consistently for pr values slightly outside [0,1], thanks to Suharto Anggono's PR#17891.
- Further, quantile(x, prN, names=FALSE) now works even when prN contains NAs, thanks to Anggono's PR#17892. Ditto for ordered factors or Date objects when type = 1 or 3, thanks to PR#17899.
- Libcurl-based internet access, including curlGetHeaders(), was not respecting the "timeout" option. If this causes unanticipated timeouts, consider increasing the default by setting R_DEFAULT_INTERNET_TIMEOUT.
- as.Date(<char>) now also works with an initial "", thanks to Michael Chirico's PR#17909.
- isS3stdGeneric(f) now detects an S3 generic also when it it is trace()d, thanks to Gabe Becker's PR#17917.
- R_allocLD() has been fixed to return memory aligned for long double type PR#16534.
- fisher.test() no longer segfaults when called again after its internal stack has been exceeded PR#17904.
- Accessing a long vector represented by a compact integer sequence no longer segfaults (reported and debugged by Hugh Parsonage).
- duplicated() now works also for strings with multiple encodings inside a single vector PR#17809.
- phyper(11, 15, 0, 12, log.p=TRUE) no longer gives NaN; reported as PR#17271.
- Fix incorrect calculation in logLik.nls() PR#16100, patch from Sebastian Meyer.
- A very old bug could cause a segfault in model.matrix() when terms involved logical variables. Part of PR#17879.
- model.frame.default() allowed data = 1, leading to involuntary variable capture (rest of PR#17879).
- tar() no longer skips non-directory files, thanks to a patch by Sebastian Meyer, fixing the remaining part of PR#16716.

更新時間：2020-07-25
更新細節：

更新時間：2020-01-08
更新細節：

What's new in this version:

Fixes:
- Issue #15724 regarding two-factor authentication
- PMASA-2020-1 which is an SQL injection vulnerability in the user accounts page

更新時間：2019-11-23
更新細節：

What's new in this version:

- Fixes for the "Failed to set session cookie" error which relates to the cookie name. In some cases, data stored in the cookie (such as the previously-used user account) may not be loaded from a previous phpMyAdmin cookie the first time you run version 4.9.2
- Fix for Advisor with MySQL 8.0.3 and newer
- Fix PHP deprecation errors
- Fix a situation where exporting users after a delete query could remove users
- Fix incorrect "You do not have privileges to manipulate with the users!" warning
- Fix copying a database's privileges and several other problems moving columns with MariaDB
- Fix for phpMyAdmin not selecting all the values when using shift-click to select during Export

更新時間：2019-09-21
更新細節：

What's new in this version:

- Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 and newer
- Compatibility issues with PHP 8
- Export of GIS visualization
- Enhanced descriptions for several collation types
- Creating a user with a single quote in the password string
- Unexpected quotes during import and export on text fields
- Improvements to adding new tables to Designer
- Fix an issue where an authenticated user could trigger heavy traffic between the database server and web server
- Fix a weakness where an attacker, under certain conditions, working at the same time as an administrator is using the setup script, could delete a server from the setup script

更新時間：2019-06-06
更新細節：

What's new in this version:

Security fixes:
- PMASA-2019-3 is an SQL injection flaw in the Designer feature
- PMASA-2019-4 is a CSRF attack that's possible through the 'cookie' login form

Bug fixes:
- Several issues with SYSTEM VERSIONING tables
- Fixed json encode error in export
- Fixed JavaScript events not activating on input (sql bookmark issue)
- Show Designer combo boxes when adding a constraint
- Fix edit view
- Fixed invalid default value for bit field
- Fix several errors relating to GIS data types
- Fixed javascript error PMA_messages is not defined
- Fixed import XML data with leading zeros
- Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB > 10.3.4)
- Fixed MySQL 8.0.0 issues with GIS display
- Fixed "Server charset" in "Database server" tab showing wrong information
- Fixed can not copy user on Percona Server 5.7
- Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems

更新時間：2019-01-26
更新細節：

What's new in this version:

The security fixes involve:
- Arbitrary file read vulnerability
- SQL injection in the Designer interface
- The arbitrary file read vulnerability could also be exploited to delete arbitrary files on the server. This attack requires that phpMyAdmin be run with the $cfg['AllowArbitraryServer'] directive set to true, which is not the default. An attacker must run a malicious server process that will masquerade as a MySQL server. This exploit has been found and fixed recently in several other related projects and appears to be caused by a bug in PHP
-
- In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:
- Export to SQL format not available
- QR code not shown when adding two-factor authentication to a user account
- Issue with adding a new user in MySQL 8.0.11 and newer
- Frozen interface relating to Text_Plain_Sql plugin
- Table level Operations tab was missing

更新時間：2018-12-11
更新細節：