Security

We take seriously any security issues found in our code. On the right side, you can see past security issues which were discovered and fixed. For critical issues, we publish a security release (whose number contains a fourth digit like 3.3.10.5). See our documentation for more details about our security policy.

Should you find a security issue in the phpMyAdmin programming code, please contact the phpMyAdmin security team in advance before publishing it. This way we can prepare a fix and release the fix together with your announcement. You will be also given credit in our security announcement.

You can optionally encrypt your report with PGP key ID DA68AB39218AB947 with following fingerprint:


pub   4096R/DA68AB39218AB947 2016-08-02
      Key fingerprint = 5BAD 38CF B980 50B9 4BD7  FB5B DA68 AB39 218A B947
uid                          phpMyAdmin Security Team <security@phpmyadmin.net>
sub   4096R/5E4176FB497A31F7 2016-08-02

The key can be either obtained from the keyserver or is available in phpMyAdmin keyring available on our download server or using Keybase.

Should you have suggestion on improving phpMyAdmin to make it more secure, please report that to our issue tracker. Existing improvement suggestions can be found by hardening label.

Please note that any support requests on this address will not be answered; you should use the standard support ways mentioned on the support page.

To follow latest security releases you can use a RSS feed.

Announcements