View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|18686||Bug reports||Security||public||2023-03-15 11:41||2023-03-15 11:48|
|Summary||18686: Old libraries with known security problems in LimeSurvey 3.28.53|
In November 2022 we made a Penetration-Test with our own LimeSurvey V3.28.32 Server. The result was, that several libraries are old and have known security problems. See https://bugs.limesurvey.org/view.php?id=18492 (closed).
In the solution of Bug-Report 18492 we were told that with LS version 3.28.50+230221 the problem with old libraries is solved (with the eception of lodash which could not be found).
We updated LS to version 3.28.53 and told the Penetration-Test-crew that with the exception of lodash the problem with old libraries with known security problems should be solved.
Unfortunately a new Penetration-Test had the result, that 4 libraries still have security problems. Please include actual library-versions in a new Update of LimeSurvey 3.28.
There is still one old library with no known security problems
|Steps To Reproduce|
Steps to reproduce
(Replace this text with detailed step-by-step instructions on how to reproduce the issue)
(Write here what you expected to happen)
(Write here what happened instead)
|Tags||No tags attached.|
|Complete LimeSurvey version number (& build)||3.28.53+230314|
|I will donate to the project if issue is resolved||No|
|Browser||Independent of Browser|
|Database type & version||MySQL 5.7.40|
|Server OS (if known)||SUSE Linux Enterprise Server 12 SP5|
|Webserver software & version (if known)||Apache 2.4.51-35.19.1|