View Issue Details

This bug affects 1 person(s).
IDProjectCategoryView StatusLast Update
18686Bug reportsSecuritypublic2023-03-15 11:48
ReporterLDBV Assigned To 
Status newResolutionopen 
Product Version3.28.x 
Summary18686: Old libraries with known security problems in LimeSurvey 3.28.53

In November 2022 we made a Penetration-Test with our own LimeSurvey V3.28.32 Server. The result was, that several libraries are old and have known security problems. See (closed).

In the solution of Bug-Report 18492 we were told that with LS version 3.28.50+230221 the problem with old libraries is solved (with the eception of lodash which could not be found).

We updated LS to version 3.28.53 and told the Penetration-Test-crew that with the exception of lodash the problem with old libraries with known security problems should be solved.

Unfortunately a new Penetration-Test had the result, that 4 libraries still have security problems. Please include actual library-versions in a new Update of LimeSurvey 3.28.


Select2 4.0.2
You find it here: /limesurvey/tmp/assets/10e53f01/js/select2.full.min.js
known security problem:
actual library-version is 4.0.13

bootstrap-switch 3.3.2
You find it here: /limesurvey/tmp/assets/bc285a5f/js/bootstrap-switch.min.js
known security problem:,
there is no more actual library-version (with no security problem) available, but as soon as one is available it should be included

lodash 4.17.15
You find it here: /limesurvey/tmp/assets/65017804/build.min/js/adminsidepanel.js
known security problem:,
actual library-version is 4.17.21

There is still one old library with no known security problems
Bootstrap: 3.4.1
You find it here: /limesurvey/tmp/assets/eada61fb/bootstrap.min.js

Steps To Reproduce

Steps to reproduce

(Replace this text with detailed step-by-step instructions on how to reproduce the issue)

Expected result

(Write here what you expected to happen)

Actual result

(Write here what happened instead)

TagsNo tags attached.
Bug heat254
Complete LimeSurvey version number (& build)3.28.53+230314
I will donate to the project if issue is resolvedNo
BrowserIndependent of Browser
Database type & versionMySQL 5.7.40
Server OS (if known)SUSE Linux Enterprise Server 12 SP5
Webserver software & version (if known)Apache 2.4.51-35.19.1
PHP Version7.0.7-50.105.1

Users monitoring this issue





2023-03-15 11:48

reporter   ~74120

Meanwhile we have Apache: 2.4.51-35.22.1 as Webserver

Issue History

Date Modified Username Field Change
2023-03-15 11:41 LDBV New Issue
2023-03-15 11:44 LDBV Issue Monitored: LDBV
2023-03-15 11:44 LDBV Bug heat 250 => 252
2023-03-15 11:48 LDBV Note Added: 74120
2023-03-15 11:48 LDBV Bug heat 252 => 254