During the update from 3.2 to 4.2, the database upgrade failed with the following error:


CDbCommand faalde tijdens het uitvoeren van volgend SQL statement: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '75-nl' for key 'lime_idx1_label_l10ns'

Bestand update_helper.php, regel 31.


The database is checked and clean. As 3.2 has a xss-vulnerability we would like to update. What to do?

As 3.2 has a xss-vulnerability

Any source?

Currently I would NOT recommend 4.x for production environments.

Why not first upgrade from 3.2 to the latest version of this branch (3.22.19)?

We got a warning from a pen-tester who demonstrated the XSS problem.

Ok, I'll try to install 3.22.19. Is it correct I have to pay to download that version?

As far as I know there has been a reported XSS vulnerability with the versions of 3.17 and before, but this version was from September 2019, so more than half a year old. After this, there has been a fix for this vulnerability, afaik.

And no, you do not have to pay to download that version. It is freely available in the download section here:

www.limesurvey.org/about-limesurvey/download

More specifically here:
www.limesurvey.org/lts-releases-download

With Limesurvey you generally only pay for two things:

- Limesurvey Pro (SaaS), the hosted version of Limesurvey. Here you are paying for the hosting.
- In Limesurvey CE you can decide to pay for the Comfort Update. It makes updating a lot easier, smoother and more comfortable, as the name says, but it is no requirement by any means. You can still upgrade the traditional manual way or write your own script to update.

As I said, I currently would not go for 4.x for a production installation. Too many annoying bugs still open and found every day. It makes sense to have an installation of 4.x in parallel for testing and bug reporting, but I personally would not run real surveys on it just yet.

Thank you!