Update to 2.6.1.pl2 --- this supercedes PR ports/78011 Update to phpmyadmin version 2.6.1.pl1: Release notes: http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 Announcement e-mail (quoted below) is at http://sourceforge.net/mailarchive/forum.php?thread_id=6674358&forum_id=2141 Patch level 1 of phpMyAdmin 2.6.1 fixes some security problems, along with a few other bugs. A more formal security alert will be posted when ready. Meanwhile, the phpMyAdmin development team strongly advises an upgrade to phpMyAdmin 2.6.1-pl1, and to also apply the following security measures on your PHP installation (if feasible) by modifying your php.ini configuration file (or virtual host settings): - set register_globals to Off - set display_errors to Off - set log_errors to On - define the path to your error log with the error_log directive Both settings are recommended in the PHP documentation on a server running in production. For example: http://www.php.net/manual/en/security.errors.php However, we suggest you review the impact of those changes before applying them. Meanwhile, work continues on the development version 2.6.2.
State Changed From-To: open->closed Committed, thanks!