View Issue Details

This bug affects 1 person(s).

ID: 18095
Project: Bug reports
Category: Security
View Status: public
Last Update: 2022-05-09 17:28
Reporter: gantier
Assigned To:
Priority: none
Severity: trivial
Status: new
Resolution: open
Product Version: 3.28.x
Summary: 18095: Remove some sensitive files from release packages
Description

Hello,

Would it be possible to remove some files before publishing a new package:

  • .gitignore
  • composer.json
  • ... ?

If the server is not configured to avoid displaying those files, it can help an attacker to identify the version of the application and dependencies or the location of "interesting" files (config, ...).

Regards

Steps To Reproduce

Steps to reproduce

Access https://server.com/.gitignore

Expected result

Blank page or 404 error

Actual result

Display the gitignore content

Tags: No tags attached.
Bug heat: 250
Complete LimeSurvey version number (& build): 3.28.3+220315
I will donate to the project if issue is resolved: No
Browser: All
Database type & version: All
Server OS (if known): All
Webserver software & version (if known): All
PHP Version: All

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2022-05-09 17:28 gantier New Issue
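
A pre-publish check for the concern raised in this report, as an added example that is not part of the original issue or of LimeSurvey's own tooling: it scans a zip release package for the two file names the reporter lists, at any directory depth. The function names, the in-memory sample archive and its contents are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# The two names given in the report; extend the set to match your release policy.
FLAGGED_NAMES = {".gitignore", "composer.json"}


def find_flagged_entries(archive, flagged=FLAGGED_NAMES):
    """Return sorted archive paths whose final component is a flagged name.

    `archive` is a path or a binary file object holding a zip release package.
    Matching is case-insensitive so that Composer.json is caught as well.
    """
    wanted = {name.lower() for name in flagged}
    hits = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Compare only the file name, so nested copies are found too.
            if PurePosixPath(info.filename).name.lower() in wanted:
                hits.append(info.filename)
    return sorted(hits)


def build_sample_package():
    """Constructed sample: an in-memory zip standing in for a release package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/index.php", "<?php // entry point\n")
        zf.writestr("app/.gitignore", "config/local.php\n")
        zf.writestr("app/composer.json", '{"require": {"vendor/lib": "1.2.3"}}\n')
        zf.writestr("app/third_party/lib/composer.json", "{}\n")
        zf.writestr("app/docs/composer.json.md", "not a match\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import sys
    # Pass a real package path as the first argument, or run on the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_package()
    found = find_flagged_entries(target)
    for path in found:
        print("flagged:", path)
    sys.exit(1 if found else 0)  # non-zero exit fails a release pipeline step
```
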