View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 18095 | Bug reports | Security | public | 2022-05-09 17:28 | 2022-05-09 17:28 |
| Reporter | gantier | Assigned To | |||
| Priority | none | Severity | trivial | ||
| Status | new | Resolution | open | ||
| Product Version | 3.28.x | ||||
| Summary | 18095: Remove some sensitive files from release packages | ||||
| Description | Hello, Would it be possible to remove some files before publishing a new package :
If server is not configured to avoid to display those files, it can help an attacker to identify the version of the application and dependencies or the location of "interesting" files (config, ...). Regards | ||||
| Steps To Reproduce | Steps to reproduceAccess https://server.com/.gitignore Expected resultBlank page or 404 error Actual resultDisplay the gitignore content | ||||
| Tags | No tags attached. | ||||
| Bug heat | 250 | ||||
| Complete LimeSurvey version number (& build) | 3.28.3+220315 | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | All | ||||
| Database type & version | All | ||||
| Server OS (if known) | All | ||||
| Webserver software & version (if known) | All | ||||
| PHP Version | All | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-05-09 17:28 | gantier | New Issue |
