Insecure versions of Adminer disabled

Some of our customers use a script called Adminer (aka adminer.php) that allows them to modify MySQL database entries. It’s similar to phpMyAdmin.

This is fine, except that old versions of Adminer have a serious security vulnerability that allows “hackers” to take control of sites that use it. If you’ve put an old version of the adminer.php script on your site, then you never updated or removed it, your site is vulnerable to hackers. A couple of our customer’s sites have been “hacked” this way in the last week.

To make sure this doesn’t happen to more customers, we’re disabling any old vulnerable versions of adminer.php (versions earlier than 4.7) and replacing them with a link to this page.

If you try to use a copy of Adminer you’ve previously installed, but you get referred to this page, you should simply install a new version from the Adminer website. Be sure to keep it updated in the future (or delete it when you’re finished using it).

phpMyAdmin updated to version 4.8.3

We’ve updated phpMyAdmin to the latest version, 4.8.3.

Read the rest of this entry »

phpMyAdmin updated to version 4.1.8

We’ve updated phpMyAdmin to the latest version, 4.1.8.

Read the rest of this entry »

phpMyAdmin updated to version 3.4.3.1

We’ve updated phpMyAdmin to the latest version, 3.4.3.1.

Read the rest of this entry »

Software updates: Ruby on Rails, phpMyAdmin, WordPress

We’ve updated several things on our servers today:

  • Ruby on Rails was updated from version 1.2.3 to 1.2.6. (If you use Rails on your site, our page explaining how to freeze Rails explains how you can get total control of Rails updates.)
  • phpMyAdmin was updated from version 2.11.2.1 to 2.11.2.2.
  • The WordPress software that runs this blog was updated to version 2.3.1. That doesn’t directly affect our customers — but if you’ve installed your own version of WordPress on your own site, this is a good reminder to update it: some older versions have security vulnerabilities. (We found that the update from 2.2.X to 2.3.1 was painless.)

phpMyAdmin Updated

We’ve updated phpMyAdmin to version 2.11.2. (In case you aren’t familiar with phpMyAdmin, it’s a Web-based system for managing MySQL databases without requiring you to use the command line; you can find more details on the phpMyAdmin home page.)

phpMyAdmin updated

We’ve updated phpMyAdmin to version 2.11.0. (In case you aren’t familiar with phpMyAdmin, it’s a Web-based system for managing MySQL databases without requiring you to use the command line; you can find more details on the phpMyAdmin home page.)

phpMyAdmin Updated

Our Web-based MySQL interface, phpMyAdmin, has been updated to version 2.10.2. This version includes some security and general bug fixes. Customers should not notice any major changes.