Details about security fixes

More
2 months 3 weeks ago #157076 by mguillem
mguillem created the topic: Details about security fixes
Hi,

I need to evaluate security fixes to decide which updates we need to apply and which updates we can safely skip in our installation. Sadly the description in the release notes are often too short and I just get "Zugriff verweigert." when I try to access the details of an issue in the Bugtracker (ex: bugs.limesurvey.org/view.php?id=12433 ).

Are more detailed information about the security fix available somewhere?

Cheers,
Marc.

Please Log in to join the conversation.

More
2 months 3 weeks ago #157081 by LouisGac
LouisGac replied the topic: Details about security fixes
In the comfortUpdate security update are clearly indicated in the list.

Please Log in to join the conversation.

More
2 months 3 weeks ago #157088 by mguillem
mguillem replied the topic: Details about security fixes
I can only see there that a security update is available. I can't see anything about the content, even less than in the release notes in fact.

Please Log in to join the conversation.

More
2 months 3 weeks ago #157089 by LouisGac
LouisGac replied the topic: Details about security fixes
The following user(s) said Thank You: DenisChenu

Please Log in to join the conversation.

More
2 months 3 weeks ago - 2 months 3 weeks ago #157090 by LouisGac
LouisGac replied the topic: Details about security fixes
just in case your not at ease with git:
git log --all --grep='security'

Will provide you a list of all commits with the string security in its comment.
Then just copy paste SHA in github to see the diff.

Last Edit: 2 months 3 weeks ago by LouisGac.

Please Log in to join the conversation.

More
2 months 3 weeks ago #157091 by LouisGac
LouisGac replied the topic: Details about security fixes
and just in case you're not at ease with GitHub and sha concept:

The first security commit on the list is this one:

commit 06b6ce1e10e94dfc6d998e187b412313fe8de947
Author: Denis Chenu <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Sat Jun 17 16:07:17 2017 +0200

[security] Fixed issue : XSS in survey list


sha is: 06b6ce1e10e94dfc6d998e187b412313fe8de947


Then the commit on github is:
github.com/LimeSurvey/LimeSurvey/commit/...8e187b412313fe8de947

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now