View Issue Details

This bug affects 1 person(s).
ID: 18095
Project: Bug reports
Category: Security
View Status: public
Last Update: 2022-05-09 17:28
Reporter: gantier
Assigned To:
Status: new
Resolution: open
Product Version: 3.28.x
Summary: 18095: Remove some sensitive files from release packages


Would it be possible to remove some files before publishing a new package:

  • .gitignore
  • composer.json
  • ... ?

If the server is not configured to avoid displaying those files, it can help an attacker to identify the version of the application and dependencies or the location of "interesting" files (config, ...).


Steps To Reproduce


Expected result

Blank page or 404 error

Actual result

Displays the .gitignore content

Tags: No tags attached.
Bug heat: 250
Complete LimeSurvey version number (& build): 3.28.3+220315
I will donate to the project if issue is resolved: No
Database type & version: All
Server OS (if known): All
Webserver software & version (if known): All
PHP Version: All


There are no notes attached to this issue.
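
A release job can enforce what the report asks for by checking the built archive before it is published. The sketch below is an added example, not code from LimeSurvey or the reporter; it assumes the package is a zip file, and the function names and sample tree are constructed for illustration.

```python
import io
import posixpath
import zipfile

# The two files named in the report; callers can pass a longer tuple.
REPORTED_FILES = (".gitignore", "composer.json")


def offending_members(archive: bytes, names=REPORTED_FILES) -> list[str]:
    """Return archive members whose basename is on the denylist, at any depth."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return sorted(
            info.filename for info in zf.infolist()
            if not info.is_dir() and posixpath.basename(info.filename) in names
        )


def strip_members(archive: bytes, names=REPORTED_FILES) -> bytes:
    """Copy the archive, leaving out every denylisted member."""
    drop = set(offending_members(archive, names))
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(archive)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename not in drop:
                dst.writestr(info, src.read(info.filename))
    return out.getvalue()


def build_sample_package() -> bytes:
    """Constructed sample release tree (not LimeSurvey's real layout)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/index.php", "<?php echo 'ok';")
        zf.writestr("app/.gitignore", "/config/local.php\n")
        zf.writestr("app/composer.json", '{"require": {}}')
        zf.writestr("app/lib/widget/.gitignore", "*.log\n")  # nested copy
        zf.writestr("app/docs/composer.json.md", "notes")    # similar name, kept
    return buf.getvalue()


if __name__ == "__main__":
    package = build_sample_package()
    print("would ship:", offending_members(package))
    cleaned = strip_members(package)
    # A release job would exit non-zero here instead of publishing.
    raise SystemExit(1 if offending_members(cleaned) else 0)
```

Matching on the basename catches copies nested inside bundled libraries, which a check of the package root alone would miss.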

Issue History

Date Modified Username Field Change
2022-05-09 17:28 gantier New Issue