Important XAMPP Security Fix

Announcements and news about XAMPP and the Apache Friends project.

Important XAMPP Security Fix

Postby Beltran » 25. February 2016 15:35

Hi Apache Friends!

We have just released new versions of all XAMPP supported versions for Windows, Linux and OS X: 7.0.3-1, 5.6.15-2 and 5.5.30-7.

You can download new versions at http://www.apachefriends.org/download.html.

Impact: An attacker could have access phpMyAdmin from remote servers bypassing the XAMPP security approach. This issue affects all platforms.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Workaround: If you already have a previous version installed and you can not install a new XAMPP, please do the following changes in your XAMPP files:

Windows: C:\xampp\apache\conf\extra\httpd-xampp.conf

Linux: /opt/lampp/etc/extra/httpd-xampp.conf

OS X: /Applications/XAMPP/etc/extra/httpd-xampp.conf

Code: Select all
Alias /phpmyadmin "/xampp/phpMyAdmin/"
<Directory "/xampp/phpMyAdmin">
  AllowOverride AuthConfig
- Require all granted
+ Require local
+ ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>
User avatar
Beltran
Power-User
 
Posts: 170
Joined: 22. March 2013 12:29
XAMPP version: 10
Operating System: Windows, Linux, OS X

Return to Announcements and news

Who is online

Users browsing this forum: No registered users and 4 guests