Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Details about security fixes

  • mguillem
  • mguillem's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
6 years 8 months ago #157076 by mguillem
Details about security fixes was created by mguillem
Hi,

I need to evaluate security fixes to decide which updates we need to apply and which updates we can safely skip in our installation. Sadly the description in the release notes are often too short and I just get "Zugriff verweigert." when I try to access the details of an issue in the bugtracker (ex: bugs.limesurvey.org/view.php?id=12433 ).

Are more detailed information about the security fix available somewhere?

Cheers,
Marc.
The topic has been locked.
  • LouisGac
  • LouisGac's Avatar
  • Visitor
  • Visitor
6 years 8 months ago #157081 by LouisGac
Replied by LouisGac on topic Details about security fixes
In the comfortUpdate security update are clearly indicated in the list.
The topic has been locked.
  • mguillem
  • mguillem's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
6 years 8 months ago #157088 by mguillem
Replied by mguillem on topic Details about security fixes
I can only see there that a security update is available. I can't see anything about the content, even less than in the release notes in fact.
The topic has been locked.
  • LouisGac
  • LouisGac's Avatar
  • Visitor
  • Visitor
6 years 8 months ago #157089 by LouisGac
Replied by LouisGac on topic Details about security fixes
The topic has been locked.
  • LouisGac
  • LouisGac's Avatar
  • Visitor
  • Visitor
6 years 8 months ago - 6 years 8 months ago #157090 by LouisGac
Replied by LouisGac on topic Details about security fixes
just in case your not at ease with git:
Code:
git log --all --grep='security'

Will provide you a list of all commits with the string security in its comment.
Then just copy paste SHA in github to see the diff.

Last edit: 6 years 8 months ago by LouisGac.
The topic has been locked.
  • LouisGac
  • LouisGac's Avatar
  • Visitor
  • Visitor
6 years 8 months ago #157091 by LouisGac
Replied by LouisGac on topic Details about security fixes
and just in case you're not at ease with GitHub and sha concept:

The first security commit on the list is this one:

commit 06b6ce1e10e94dfc6d998e187b412313fe8de947
Author: Denis Chenu <denis@sondages.pro>
Date: Sat Jun 17 16:07:17 2017 +0200

[security] Fixed issue : XSS in survey list


sha is: 06b6ce1e10e94dfc6d998e187b412313fe8de947


Then the commit on github is:
github.com/LimeSurvey/LimeSurvey/commit/...8e187b412313fe8de947
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose