20126: End-of-Life Software Components in LimeSurvey 6.10.x

This bug affects 2 person(s).

258

ID Project Category View Status Date Submitted Last Update

20126 Bug reports Security public 2025-05-27 07:34 2025-06-13 11:26

Reporter manfredsteger Assigned To

Priority none Severity partial_block

Status new Resolution open

Product Version 6.6.x

Summary 20126: End-of-Life Software Components in LimeSurvey 6.10.x

Description

A recent analysis revealed that LimeSurvey 6.10.x makes use of software components that are either officially End-of-Life (EOL) or no longer maintained. This status implies that these packages no longer receive security updates or patches, making them a liability in production environments.

Name	Version	Latest Version	Reason	Location
ckeditor4	4.22.1	4.25.1	https://endoflife.date/ckeditor	/tmp/assets/a26664b9/ckeditor.js
kcfinder	3.12	3.12	The GitHub repository has been archived; the last update was over 10 years ago.	https://github.com/sunhater/kcfinder

� Recommended Actions

ckeditor4

    Upgrade to the latest available 4.x version if possible (4.25.1), or better: migrate to CKEditor 5, which is actively maintained.

    Note: Officially considered EOL according to endoflife.date.

kcfinder

    The project has been abandoned; consider replacing it with a maintained alternative (e.g., elFinder).

    Retain only in legacy environments if absolutely necessary — not recommended for production use.

Review the entire dependency tree of LimeSurvey and set up automated monitoring for EOL and vulnerable packages.

Steps To Reproduce

OWASP Test or with pentest-tools.com

Tags No tags attached.

Attached Files

eols.png (247,904 bytes)

Bug heat 258

Complete LimeSurvey version number (& build) 6.10.5

I will donate to the project if issue is resolved Yes

Browser FF 138.0.4 (aarch64)

Database type & version Maria DB 11.4

Server OS (if known) Ubuntu 22

Webserver software & version (if known) Apache/2.4.62 (Debian)

PHP Version 8.3.17

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2025-05-27 07:34	manfredsteger	New Issue
2025-05-27 07:34	manfredsteger	File Added: eols.png
2025-06-13 11:26	Mazi	Note Added: 82876
2025-06-13 11:26	Mazi	Bug heat	250 => 252
2025-06-13 11:30	guest	Bug heat	252 => 258

View Issue Details

Users monitoring this issue

Activities

Issue History

Mazi 2025-06-13 11:26 updater ~82876	@manfredsteger, the ckeditor issue is a real pain, see the discussion at https://bugs.limesurvey.org/view.php?id=19727.