Hi Apache Friends!
We have just released new versions of all XAMPP supported versions for Windows, Linux and OS X: 7.0.3-1, 5.6.15-2 and 5.5.30-7.
You can download new versions at http://www.apachefriends.org/download.html.
Impact: An attacker could have access phpMyAdmin from remote servers bypassing the XAMPP security approach. This issue affects all platforms.
All users running an affected release should either upgrade or use one of the workarounds immediately.
Workaround: If you already have a previous version installed and you can not install a new XAMPP, please do the following changes in your XAMPP files:
OS X: /Applications/XAMPP/etc/extra/httpd-xampp.conf
Alias /phpmyadmin "/xampp/phpMyAdmin/"
- Require all granted
+ Require local
+ ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
Thanks to Kartik Adavane for reporting it.