Important XAMPP Security Fix
Hi Apache Friends!
We have just released new versions of all XAMPP supported versions for Windows, Linux and OS X: 7.0.3-1, 5.6.15-2 and 5.5.30-7.
You can download new versions at http://www.apachefriends.org/download.html.
Impact: An attacker could have access phpMyAdmin from remote servers bypassing the XAMPP security approach. This issue affects all platforms.
All users running an affected release should either upgrade or use one of the workarounds immediately.
Workaround: If you already have a previous version installed and you can not install a new XAMPP, please do the following changes in your XAMPP files:
Windows: C:\xampp\apache\conf\extra\httpd-xampp.conf
Linux: /opt/lampp/etc/extra/httpd-xampp.conf
OS X: /Applications/XAMPP/etc/extra/httpd-xampp.conf
Alias /phpmyadmin "/xampp/phpMyAdmin/"
<Directory "/xampp/phpMyAdmin">
AllowOverride AuthConfig
- Require all granted
+ Require local
+ ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>
Thanks to Kartik Adavane for reporting it.