View Issue Details

This bug affects 1 person(s).
ID: 11642
Project: Bug reports
Category: Security
View Status: public
Last Update: 2016-09-20 10:48
Reporter: asshank
Assigned To: c_schmitz
Priority: none
Severity: minor
Status: closed
Resolution: fixed
Product Version: 2.52.x
Fixed in Version: 2.52.x
Summary: 11642: ckeditor 5.4.11
Description

ckeditor 5.4.8 is used.

Because of a security fix is it wise to distribute the latest version 5.4.11?

http://ckeditor.com/blog/CKEditor-4.5.11-Released

Steps To Reproduce

na

Additional Information

na

Tags: No tags attached.
Bug heat: 256
Complete LimeSurvey version number (& build): 160908
I will donate to the project if issue is resolved: No
Browser: na
Database type & version: na
Server OS (if known): na
Webserver software & version (if known): na
PHP Version: na

Activities

jelo

2016-09-09 18:09

partner   ~40743

The security of a LimeSurvey installation is not hit by this.
Not sure if a Link to Ckeditor.com is in the embedded editor.

Here is the security fix description for the homepage:
We have fixed a minor security issue - a target="_blank" vulnerability reported by James Gaskell (a BIG thank you!).

If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or malicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.
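
The target="_blank" issue quoted above comes down to the opened page receiving a window.opener handle on the page that opened it. The following JavaScript is an added example, not part of this ticket and not CKEditor or LimeSurvey code: it audits markup for such links and adds rel="noopener noreferrer", the standard browser-side mitigation (the page does not say how CKEditor 4.5.11 itself fixed the issue). Function names and the sample markup are constructed for illustration.

```javascript
// Matches an <a ...> start tag; quoted attribute values may contain '>'.
const ANCHOR = /<a(?=[\s\/>])((?:"[^"]*"|'[^']*'|[^'">])*)>/gi;

// Parse a start tag's attribute source into a lower-cased name -> value map.
// As in HTML parsing, the first occurrence of a duplicated attribute wins.
function parseAttrs(attrSrc) {
  const attrs = Object.create(null);
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(attrSrc)) !== null) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] || m[3] || m[4] || '';
  }
  return attrs;
}

// Report links that open a new tab while leaving window.opener reachable,
// and return markup with rel="noopener noreferrer" added to each of them.
function hardenLinks(html) {
  const findings = [];
  const esc = (v) => v.replace(/"/g, '&quot;');
  const fixed = html.replace(ANCHOR, (tag, attrSrc) => {
    const attrs = parseAttrs(attrSrc);
    if ((attrs.target || '').toLowerCase() !== '_blank') return tag;
    const rel = (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
    // noreferrer implies noopener, so either token is sufficient.
    if (rel.includes('noopener') || rel.includes('noreferrer')) return tag;
    findings.push(attrs.href || '(no href)');
    attrs.rel = rel.concat('noopener', 'noreferrer').join(' ');
    const rebuilt = Object.entries(attrs).map(([k, v]) => `${k}="${esc(v)}"`);
    return '<a ' + rebuilt.join(' ') + '>';
  });
  return { fixed, findings };
}

// Constructed sample markup (not taken from CKEditor or LimeSurvey).
const SAMPLE = [
  '<a href="http://ckeditor.com/" target="_blank">CKEditor</a>',
  '<a href="/help" target="_blank" rel="noopener">Help</a>',
  "<a target='_BLANK' rel='nofollow' href='http://example.org/'>Ext</a>",
  '<a href="/same-tab">Same tab</a>',
].join('\n');

const report = hardenLinks(SAMPLE);
console.log(report.findings);
console.log(report.fixed);
```

Links that already carry noopener or noreferrer, and links that stay in the same tab, are left byte-for-byte unchanged.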

asshank

2016-09-09 21:16

reporter   ~40744

Version should be 4.5.11 :-)

It is always good practice to use the latest version, also of third party software. A minor issue, but just something I stumbled on.

c_schmitz

2016-09-12 14:26

administrator   ~40761

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=20461

c_schmitz

2016-09-20 10:48

administrator   ~40837

Version 2.52 Build 160920 released

Related Changesets

LimeSurvey: master 810c6466

2016-09-12 12:26:43

c_schmitz

Fixed issue 11642: Update CKEditor to Version 4.5.11
Affected Issues: 11642
mod - third_party/ckeditor/CHANGES.md
mod - third_party/ckeditor/README.md
mod - third_party/ckeditor/build-config.js
mod - third_party/ckeditor/ckeditor.js
mod - third_party/ckeditor/lang/af.js
mod - third_party/ckeditor/lang/ar.js
mod - third_party/ckeditor/lang/bg.js
mod - third_party/ckeditor/lang/bn.js
mod - third_party/ckeditor/lang/bs.js
mod - third_party/ckeditor/lang/ca.js
mod - third_party/ckeditor/lang/cs.js
mod - third_party/ckeditor/lang/cy.js
mod - third_party/ckeditor/lang/da.js
mod - third_party/ckeditor/lang/de-ch.js
mod - third_party/ckeditor/lang/de.js
mod - third_party/ckeditor/lang/el.js
mod - third_party/ckeditor/lang/en-au.js
mod - third_party/ckeditor/lang/en-ca.js
mod - third_party/ckeditor/lang/en-gb.js
mod - third_party/ckeditor/lang/en.js
mod - third_party/ckeditor/lang/eo.js
mod - third_party/ckeditor/lang/es.js
mod - third_party/ckeditor/lang/et.js
mod - third_party/ckeditor/lang/eu.js
mod - third_party/ckeditor/lang/fa.js
mod - third_party/ckeditor/lang/fi.js
mod - third_party/ckeditor/lang/fo.js
mod - third_party/ckeditor/lang/fr-ca.js
mod - third_party/ckeditor/lang/fr.js
mod - third_party/ckeditor/lang/gl.js
mod - third_party/ckeditor/lang/gu.js
mod - third_party/ckeditor/lang/he.js
mod - third_party/ckeditor/lang/hi.js
mod - third_party/ckeditor/lang/hr.js
mod - third_party/ckeditor/lang/hu.js
mod - third_party/ckeditor/lang/id.js
mod - third_party/ckeditor/lang/is.js

Issue History

Date Modified Username Field Change
2016-09-09 16:23 asshank New Issue
2016-09-09 18:09 jelo Note Added: 40743
2016-09-09 21:16 asshank Note Added: 40744
2016-09-12 14:26 c_schmitz Changeset attached => LimeSurvey master 810c6466
2016-09-12 14:26 c_schmitz Note Added: 40761
2016-09-12 14:26 c_schmitz Assigned To => c_schmitz
2016-09-12 14:26 c_schmitz Resolution open => fixed
2016-09-12 14:27 c_schmitz Status new => resolved
2016-09-12 14:27 c_schmitz Fixed in Version => 2.52.x
2016-09-20 10:48 c_schmitz Note Added: 40837
2016-09-20 10:48 c_schmitz Status resolved => closed