Manually updating phpmyadmin on Plesk 9.5

[mvandemar]

I am working with a client who was hacked, and one of the issues I discovered that is less than optimal is that he was still using phpmyadmin 2.11.9.6 on his Plesk installation. I brought this to his attention, and he contacted his host about upgrading, and this was their reply:

"Installing or upgrading phpMyAdmin manually is not recommended. The build included in the Plesk distribution package is modified by Parallels and is thoroughly tested for functional performance and compatibility with Plesk. If you install phpMyAdmin from an installation package produced by others, or if you apply an upgrade package produced by others to phpMyAdmin that has been installed automatically by Plesk, the phpMyAdmin performance or its integration with Plesk may be compromised.

If you want to upgrade to a later phpMyAdmin version, do it by applying a Plesk upgrade package that includes the newer version of phpMyAdmin."

The way to best update phpmyadmin is to update the Plesk panel itself. Unfortunately, we have seen a lot of issues with the new version of plesk 10. If you would rather just patch phpmyadmin, there is a supported patch available, as per the Parallels knowledgebase, which fixes a few of the security issues. I realize this isn't the latest release, but you are locked-in in a way if you want to continue using Plesk 9.5.

The patch they were referring to is the one discussed in http://kb.odin.com/en/8934, but that only brings the phpmyadmin up to 2.11.10.1, which is from last year, and there have been several security issues with that one as well.

Does anyone know if there is an up to date phpmyadmin package released that will work with Plesk 9.5? Or what would need to be done in order for the official release to work with no issues? Will Plesk 9.5 support the phpmyadmin 3.4 branch? I tried Googling for more information on manual upgrades, but everything I found was outdated. Any assistance would be appreciated, thanks.

Edit: Also, I just realized that the line his tech support gave him about not upgrading phpmyadmin is from the Plesk Windows documentation, and I cannot find anything at all about upgrading phpmyadmin in the Linux docs that I checked. Any idea if the issues are the same with the Linux version of Plesk?

-Michael

 

[Amin Taheri]

There is not one no, Parallels has never seemed to care about the security of the phpMyAdmin - it would seem like they should be able to package it up and include it in their psa-base or even a separate package so they can provide security patches but that doesn't seem to be a priority for them.

 

[mvandemar]

Amin, thank you for your reply. Do you know if there are any tutorials out there for doing an upgrade manually, or what issues might be expected?

-Michael

 

[Amin Taheri]

I dont know of any tutorials - but if you mess with the parallels version then the auto login will not work and all users will have to login to phpmyadmin manually. There could also be other implications since the parallels dev team does some work on their code base to integrate it into Plesk.