v1.0.226

Major Release · Security Release · Released May 26, 2026

Critical database security fixes: same-name collision enforcement, scoped database grants, drift detector, smart SQL import, and scoped phpMyAdmin SSO tokens.

New Features

  • Added GET /api/v1/databases/drift endpoint (ROOT/ADMIN only): compares MySQL server state against panel.databases, detecting orphan databases, reverse orphans, and likely owner via username prefix matching.
  • Added POST /api/v1/databases/{id}/import-sql endpoint with defense-in-depth: 12-pattern regex strip (CREATE/DROP DATABASE, USE, DEFINER, GTID_PURGED, GRANT, USER DDL, FLUSH PRIVILEGES including conditional comment variants) plus ephemeral privilege-scoped MySQL account (pma_imp_<hex16>) for execution isolation. Supports gzip dumps and optional drop_existing truncation.
  • phpMyAdmin SSO now supports scoped sessions: POST /api/v1/phpmyadmin/sso-token?database_id=X creates a temporary account with safe grants scoped to that database only (1h TTL, background cleanup every 15 minutes).
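As an added illustration, not the panel's own code, here is a line-oriented filter for the statement families the import-sql endpoint strips, including the /*!NNNNN ... */ conditional-comment variants, with gzip handling and a constructed sample dump. It assumes mysqldump's one-statement-per-line layout for those statements; the blocked list and the DEFINER regex are written for this example and are not the panel's twelve patterns.

```python
import gzip
import re

# Statement families that must not execute when a tenant's dump is imported into
# their own database. Constructed for this example, not the panel's own 12 patterns.
_BLOCKED = [
    r"CREATE\s+DATABASE\b", r"DROP\s+DATABASE\b", r"USE\s+", r"GRANT\s+",
    r"(?:CREATE|ALTER|DROP|RENAME)\s+USER\b", r"FLUSH\s+PRIVILEGES\b",
    r"SET\s+@@(?:GLOBAL|SESSION)\.GTID_PURGED\b",
]
# mysqldump wraps version-gated statements in /*!NNNNN ... */ conditional comments,
# which the server still executes, so an optional prefix of that form is matched too.
_BLOCKED_RE = re.compile(r"^\s*(?:/\*!\d{5}\s*)?(?:" + "|".join(_BLOCKED) + r")", re.I)
# DEFINER=`user`@`host` on views/routines/triggers would run the object as that
# account; removing the clause makes the importing account the definer instead.
_DEFINER_RE = re.compile(
    r"DEFINER\s*=\s*(?:CURRENT_USER(?:\(\))?"
    r"|(?:`[^`]*`|'[^']*'|[\w$]+)@(?:`[^`]*`|'[^']*'|[\w$.%-]+))\s*", re.I)

def sanitize_dump(raw: bytes):
    """Return (filtered SQL text, dropped lines) for a plain or gzip-compressed dump."""
    if raw[:2] == b"\x1f\x8b":  # gzip magic number
        raw = gzip.decompress(raw)
    kept, dropped = [], []
    for line in raw.decode("utf-8", errors="replace").splitlines():
        if _BLOCKED_RE.match(line):
            dropped.append(line)
        else:
            kept.append(_DEFINER_RE.sub("", line))
    return "\n".join(kept) + "\n", dropped

# Constructed sample: legitimate tenant data mixed with lines the filter must remove.
SAMPLE_DUMP = b"""/*!40101 SET NAMES utf8mb4 */;
SET @@GLOBAL.GTID_PURGED=/*!80000 '+'*/ '00000000-0000-0000-0000-000000000000:1-7';
CREATE DATABASE IF NOT EXISTS `other_tenant`;
USE `other_tenant`;
/*!40000 DROP DATABASE IF EXISTS `other_tenant` */;
CREATE TABLE `orders` (`id` int NOT NULL, PRIMARY KEY (`id`));
INSERT INTO `orders` VALUES (1),(2);
/*!50013 DEFINER=`root`@`localhost` SQL SECURITY DEFINER */
/*!50001 VIEW `v_orders` AS select `id` from `orders` */;
CREATE USER 'extra'@'%' IDENTIFIED BY 'changeme';
GRANT ALL PRIVILEGES ON *.* TO 'extra'@'%';
FLUSH PRIVILEGES;
"""

if __name__ == "__main__":
    sql, dropped = sanitize_dump(gzip.compress(SAMPLE_DUMP))
    print(f"dropped {len(dropped)} statement(s); DEFINER present: {'DEFINER=' in sql}")
```

A regex layer is a best-effort strip rather than a SQL parser (it also removes a literal DEFINER= inside string data), so the ephemeral pma_imp_ account with privileges scoped to the target database is the control that actually bounds what an imported dump can do.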

Improvement

  • Added migration 000416 adding scoped_db_name and scoped_cleanup columns to phpmyadmin_sso_tokens table with a partial index for efficient cleanup scheduling.

Security Fixes

  • CreateDatabase now rejects requests when a MySQL database with the same name already exists, preventing silent cross-tenant privilege escalation, where the new user would have been granted ALL PRIVILEGES on an existing database belonging to another tenant.
  • New database users are now created with safe scoped grants (SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, REFERENCES, EXECUTE, CREATE TEMPORARY TABLES, LOCK TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER) — DROP is intentionally excluded.