View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
18686 | Bug reports | Security | public | 2023-03-15 11:41 | 2023-03-15 11:48 |
Reporter | LDBV | Assigned To | |||
Priority | none | Severity | partial_block | ||
Status | new | Resolution | open | ||
Product Version | 3.28.x | ||||
Summary | 18686: Old libraries with known security problems in LimeSurvey 3.28.53 | ||||
Description | In November 2022 we made a Penetration-Test with our own LimeSurvey V3.28.32 Server. The result was that several libraries are old and have known security problems. See https://bugs.limesurvey.org/view.php?id=18492 (closed). In the solution of Bug-Report 18492 we were told that with LS version 3.28.50+230221 the problem with old libraries is solved (with the exception of lodash, which could not be found). We updated LS to version 3.28.53 and told the Penetration-Test-crew that, with the exception of lodash, the problem with old libraries with known security problems should be solved. Unfortunately, a new Penetration-Test had the result that 4 libraries still have security problems. Please include actual library-versions in a new Update of LimeSurvey 3.28. Thanks. Select2 4.0.2; bootstrap-switch 3.3.2; lodash 4.17.15. There is still one old library with no known security problems. | ||||
Tags | No tags attached. | ||||
Bug heat | 254 | ||||
Complete LimeSurvey version number (& build) | 3.28.53+230314 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | Independent of Browser | ||||
Database type & version | MySQL 5.7.40 | ||||
Server OS (if known) | SUSE Linux Enterprise Server 12 SP5 | ||||
Webserver software & version (if known) | Apache 2.4.51-35.19.1 | ||||
PHP Version | 7.0.7-50.105.1 | ||||
User List | LDBV |
---|