View Issue Details

This bug affects 2 person(s).
ID: 20126
Project: Bug reports
Category: Security
View Status: public
Last Update: 2025-06-13 11:26
Reporter: manfredsteger
Assigned To:
Priority: none
Severity: partial_block
Status: new
Resolution: open
Product Version: 6.6.x
Summary: 20126: End-of-Life Software Components in LimeSurvey 6.10.x
Description

A recent analysis revealed that LimeSurvey 6.10.x makes use of software components that are either officially End-of-Life (EOL) or no longer maintained. This status implies that these packages no longer receive security updates or patches, making them a liability in production environments.

| Name | Version | Latest Version | Reason | Location |
|------|---------|----------------|--------|----------|
| ckeditor4 | 4.22.1 | 4.25.1 | https://endoflife.date/ckeditor | /tmp/assets/a26664b9/ckeditor.js |
| kcfinder | 3.12 | 3.12 | The GitHub repository has been archived; the last update was over 10 years ago. | https://github.com/sunhater/kcfinder |

Recommended Actions

ckeditor4

    Upgrade to the latest available 4.x version if possible (4.25.1), or better: migrate to CKEditor 5, which is actively maintained.

    Note: Officially considered EOL according to endoflife.date.

kcfinder

    The project has been abandoned; consider replacing it with a maintained alternative (e.g., elFinder).

    Retain only in legacy environments if absolutely necessary — not recommended for production use.

Review the entire dependency tree of LimeSurvey and set up automated monitoring for EOL and vulnerable packages.
Steps To Reproduce

OWASP Test or with pentest-tools.com

Tags: No tags attached.
Attached Files: eols.png (247,904 bytes)
Bug heat: 258
Complete LimeSurvey version number (& build): 6.10.5
I will donate to the project if issue is resolved: Yes
Browser: FF 138.0.4 (aarch64)
Database type & version: Maria DB 11.4
Server OS (if known): Ubuntu 22
Webserver software & version (if known): Apache/2.4.62 (Debian)
PHP Version: 8.3.17

Activities

Mazi

2025-06-13 11:26

updater   ~82876

@manfredsteger, the ckeditor issue is a real pain, see the discussion at https://bugs.limesurvey.org/view.php?id=19727.

Issue History

| Date Modified | Username | Field | Change |
|---------------|----------|-------|--------|
| 2025-05-27 07:34 | manfredsteger | New Issue | |
| 2025-05-27 07:34 | manfredsteger | File Added: eols.png | |
| 2025-06-13 11:26 | Mazi | Note Added: 82876 | |
| 2025-06-13 11:26 | Mazi | Bug heat | 250 => 252 |
| 2025-06-13 11:30 | guest | Bug heat | 252 => 258 |