phpMyAdmin 4.9.0.1 release, this is a bug fix release, contains two important security fixes:
- PMASA-2019-3: SQL Designer functions Injection Vulnerability
- PMASA-2019-4: CSRF attacks can be carried out through the "cookie" login form
4.9.0 does not properly Commit the change, so the fixes in 4.9.0.1. Instead of using http auth_type cookie can alleviate CSRF attack, the solution features previously deleted log in directly through the URL parameters. Deleted this feature, because trying to follow the principle of semantic version control, disable function to delete the patch version, the version from 4.8.x increased to 4.9. Previous versions 4.8.x support PHP 5.5 is intended as a LTS version, because of this change, now would be the LTS branch version 4.9.x.
In addition, 4.9.0.1 also brings other bug fixes, details see: