- Posts: 2
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Details about security fixes
- mguillem
- Topic Author
- Offline
- New Member
Less
More
6 years 8 months ago #157076
by mguillem
Details about security fixes was created by mguillem
Hi,
I need to evaluate security fixes to decide which updates we need to apply and which updates we can safely skip in our installation. Sadly the description in the release notes are often too short and I just get "Zugriff verweigert." when I try to access the details of an issue in the bugtracker (ex: bugs.limesurvey.org/view.php?id=12433 ).
Are more detailed information about the security fix available somewhere?
Cheers,
Marc.
I need to evaluate security fixes to decide which updates we need to apply and which updates we can safely skip in our installation. Sadly the description in the release notes are often too short and I just get "Zugriff verweigert." when I try to access the details of an issue in the bugtracker (ex: bugs.limesurvey.org/view.php?id=12433 ).
Are more detailed information about the security fix available somewhere?
Cheers,
Marc.
The topic has been locked.
- LouisGac
- Visitor
6 years 8 months ago #157081
by LouisGac
Replied by LouisGac on topic Details about security fixes
In the comfortUpdate security update are clearly indicated in the list.
The topic has been locked.
- mguillem
- Topic Author
- Offline
- New Member
Less
More
- Posts: 2
- Thank you received: 0
6 years 8 months ago #157088
by mguillem
Replied by mguillem on topic Details about security fixes
I can only see there that a security update is available. I can't see anything about the content, even less than in the release notes in fact.
The topic has been locked.
- LouisGac
- Visitor
6 years 8 months ago #157089
by LouisGac
Replied by LouisGac on topic Details about security fixes
3 Last ones:
github.com/LimeSurvey/LimeSurvey/blob/ma...elease_notes.txt#L80
github.com/LimeSurvey/LimeSurvey/blob/ma...lease_notes.txt#L123
github.com/LimeSurvey/LimeSurvey/blob/ma...lease_notes.txt#L150
In release notes.
Those are the commits comment. Then just use any git client to find the related commits.
github.com/LimeSurvey/LimeSurvey/blob/ma...elease_notes.txt#L80
github.com/LimeSurvey/LimeSurvey/blob/ma...lease_notes.txt#L123
github.com/LimeSurvey/LimeSurvey/blob/ma...lease_notes.txt#L150
In release notes.
Those are the commits comment. Then just use any git client to find the related commits.
The topic has been locked.
- LouisGac
- Visitor
6 years 8 months ago - 6 years 8 months ago #157090
by LouisGac
Replied by LouisGac on topic Details about security fixes
just in case your not at ease with git:
Will provide you a list of all commits with the string security in its comment.
Then just copy paste SHA in github to see the diff.
Code:
git log --all --grep='security'
Will provide you a list of all commits with the string security in its comment.
Then just copy paste SHA in github to see the diff.
Last edit: 6 years 8 months ago by LouisGac.
The topic has been locked.
- LouisGac
- Visitor
6 years 8 months ago #157091
by LouisGac
Replied by LouisGac on topic Details about security fixes
and just in case you're not at ease with GitHub and sha concept:
The first security commit on the list is this one:
sha is: 06b6ce1e10e94dfc6d998e187b412313fe8de947
Then the commit on github is:
github.com/LimeSurvey/LimeSurvey/commit/...8e187b412313fe8de947
The first security commit on the list is this one:
commit 06b6ce1e10e94dfc6d998e187b412313fe8de947
Author: Denis Chenu <denis@sondages.pro>
Date: Sat Jun 17 16:07:17 2017 +0200
[security] Fixed issue : XSS in survey list
sha is: 06b6ce1e10e94dfc6d998e187b412313fe8de947
Then the commit on github is:
github.com/LimeSurvey/LimeSurvey/commit/...8e187b412313fe8de947
The topic has been locked.