We have just released new versions of all supported XAMPP releases for Windows, Linux and OS X: 7.0.3-1, 5.6.15-2 and 5.5.30-7.
You can download the new versions at http://www.apachefriends.org/download.html.
Impact: An attacker could access phpMyAdmin from remote servers, bypassing the XAMPP security approach. This issue affects all platforms.
All users running an affected release should either upgrade or use one of the workarounds immediately.
Workaround: If you already have a previous version installed and you cannot install a new XAMPP, please make the following changes in your XAMPP files:
OS X: /Applications/XAMPP/etc/extra/httpd-xampp.conf
Alias /phpmyadmin "/xampp/phpMyAdmin/"
- Require all granted
+ Require local
+ ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
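Review bot: The removed `Require all granted` line is shown without its enclosing section, and the only context is the `Alias /phpmyadmin "/xampp/phpMyAdmin/"` line, whose target does not sit under the /Applications/XAMPP prefix given for OS X, so a reader cannot tell which block to edit if the file grants access in more than one place. Suggest showing the enclosing container for the phpMyAdmin directory as context, and stating that only the `Require` line inside it changes. Since `Require local` is Apache 2.4 authorization syntax, it is also worth adding a step to restart Apache and confirm that a request to /phpmyadmin from a non-local address now returns 403 with the `XAMPP_FORBIDDEN` error document.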