Hey everyone, As you may know, the new version of LimeSurvey is here! We made several changes to the user interface to improve the user experience. So we have been working on making the first steps in terms of stabilizing and improving the user interface. More enhancements are on the way, we will keep you posted. The following is the new UI design changelog for the latest version of LimeSurvey. We will update you on even more changes to the user interface and other new features in future articles. Below you will find the major user interface improvements to help you get started quickly and easily. Enjoy! “Create survey” shortcut in main navigation You just want to get going and cut to the chase? Great, just choose the first item from the main navigation and you’re ready to go. One click and you are exactly where you want to be, the survey section. Modals (Pop-Ups) All pop-ups in the application now have the same style and are built according to a certain structure to make the whole workflow more user-friendly. Page headers To get a better understanding of where you are in the application we have introduced green banners at the top of every screen of the application. Top bar The most important action buttons have been moved to the top bar and the amount of action buttons has been reduced to the essentials. Action buttons All action buttons are now styled in the same way and one specific action will always have the same icon associated with it for consistency. The most important actions are consistently positioned in the same location, to the left of the top bar. Furthermore, the most important action buttons have been moved to the left-hand side of all tables and we brought consistency in terms of icons, hovers, margins and the order of buttons. Additionally, small text balloons will appear when hovering over them, explaining the functionality of the concerning button. Tables All tables now have a new grid view class and are consistently styled and structured. You will find all buttons to help you see more information or make edits on the far left-hand side of the table. This helps you better manage your surveys, data and survey participants. Icons and small elements Three different icons for a single functionality like “Save”? No thanks! One icon is associated with exactly one functionality to make the design more accessible. The consistency makes for a better user experience. We also synchronized other small elements like dropdown-menu icons, page buttons of tables, main navigation elements and notifications. Pagination Under every table of the application you can now find consistent pagination to the far right-hand side. You can determine how many items you want your table to show you and, by doing so, customize your survey management. We hope you enjoy the new version! Now it is even easier to turn your questions into answers. We will update this changelog with more content whenever there are new elements to the user interface.More blog posts with specifics about these improvements and other changes to the user interface will follow in the upcoming period, so stay tuned. Have a nice day, everybody!
User Interface Design Changelog
- Details
- Category: Security
A vulnerability of high severity was found in LimeSurvey which enables an attacker to get unauthorized access to files and data of your LimeSurvey installation. The LimeSurvey team thanks Pichaya Morimoto (discovery, analysis) from the SEC Consult Vulnerability Lab (https://www.sec-consult.com/) for responsibly reporting the identified issues and working with us as we addressed them. Affected Versions: All versions between 2.0+ (all builds) and 2.06+ Build 151014 Severity: HIGH How to fix: Upgrade to LimeSurvey 2.06+ Build 151016 or later. We stronlgy advise to upgrade to the latest 2.06+ version immediately, either manually or using ComfortUpdate.
- Details
- Category: Security
In LimeSurvey there existed a vulnerability (CVE-2014-6227) that allows an attacker to gain superadministrator access to the LimeSurvey application. This issue affects all 2.00 versions and all 2.05 versions before build 140821. All newer builds of 2.05 (starting with build 140821) are not affected. Although there is currently no known exploit in the wild we strongly recommend to update all older versions to the latest LimeSurvey version immediately. After update you should check for unknown administrator accounts in LimeSurvey. Note: If you are a LimeService user you don't need to worry as we make sure (before anything else) that LimeService always uses the latest build/security patches.
- Details
- Category: Security
We will publish another 1.87 release candidate on Friday - version 1.87 RC3. Those who already use LimeSurvey any 1.87RC and have the update feature activated and working will receive an automatic notice on release. Please continue to give back feedback about this new release - it is something we certainly need to be able to fix any issue quickly. Due to popular demand (mainly by our Portuguese Brazilian community) we decided to create a Portuguese forum so people can help each other in Brazil -if we find volunteers we also would like to offer a complete documentation translated to Portuguese and also a Portuguese version of the homepage - as said: please This email address is being protected from spambots. You need JavaScript enabled to view it. or write in the new Portuguese forum!
- Details
- Category: Security
Have your ideas and feature requests heard! We have set up a new idea tracker tool at http://ideas.limesurvey.org. Now everyone can propose new features and ideas for LimeSurvey and the commmunity can decide what's hot and what's not! You thought of a great new feature and even already imagined how to implement it? Let us know! You had a great idea, and want to see what other people think of it, and get their ideas? Post the idea. You want to decide what features will be most likely implemented next? Cast your vote on already submitted features! * If you have problems logging in to the idea tracker it might be because your passwords are not synchronized. In that case just logout and log back in to the main limesurvey.org site to fix the problem. If it still doesn't work don't hesitate to contact This email address is being protected from spambots. You need JavaScript enabled to view it.!
- Details
- Category: Security
There has been a issue uncovered with the latest LimeSurvey versions. Type of issue: Security issue by that an attacker get access to your LimeSurvey administration and files and can possibly change these - this allows for remote execution and data disclosure. Affected LimeSurvey versions: - LimeSurvey 1.80RC4, 1.80, 1.80+, 1.81, 1.81+ (all Builds) (released around January-April 2009) Exploits in the Wild: This issue was discoverd during a security audit by Dan Schwister (thank you Dan!). Therefore there is no exploit in the wild (yet). Advised solution: Update as soon as possible to the latest LimeSurvey 1.82 or later version available from http://www.limesurvey.org Quick fix: Remove the /admin/remotecontrol/ directory to disable the security problem.
- Details
- Category: Security
There has been a issue uncovered with an older LimeSurvey version, namely Version 1.71+. Type of issue: A version of FCKeditor (namely 2.6.2) which was used at the time inside the LimeSurvey software appears to have a security issue by that an attacker get access to your files and change these. Affected LimeSurvey versions: - LimeSurvey 1.71+ in the range of Build 5245 to 5496 (released around March-April 2008) Exploits in the Wild: Unspecified exploit does exist - please refer to this forum topic for further details Advised solution: Update to the latest LimeSurvey 1.80+ or later version available from http://www.limesurvey.org Recommendations: Check other PHP files on the same webspace for infections of the same kind.
- Details
- Category: Security
For the last couple months the LimeSurvey project has done a lot of self-imposed security audits on the LimeSurvey code base. (Thank you to the Ubuntu Server team for pointing out first issues and giving us a head start.)During this process several security issues have been fixed in the source code which include: Issues where variable manipulation was possible when register_globals in PHP is activated Session Data injection & manipulation Permanent & non-permanent XSS-issues where an attacker could try to gain access by injecting own javacript code into the application Session related issues where a possible attacker could take over the session and/or gain higher access privileges Most of these issue were already fixed for 1.71 stable. (Affected versions: 1.70+ (all builds) and older) On top of that we fixed two moderate issues for the current 1.71 release which were Two XSS attacks for security flaws in the IE6 browser. Session Fixation attack Thank you to security advisor Michal Tresner for reporting.Exploits in the Wild: No known exploits yet. We strongly recommend to update as long it stays that way! Solution: Update to the latest LimeSurvey 1.71+ Build 5147 or later version available from http://www.limesurvey.org This security advisory refers to CVE-2008-2659 - LimeSurvey XSS candidate