- Posts: 21
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Update limesurvey 3.2 > limesurvey4.2.7 fails
- Dennis
- Topic Author
- Offline
- Junior Member
Less
More
3 years 9 months ago - 3 years 9 months ago #200730
by Dennis
Update limesurvey 3.2 > limesurvey4.2.7 fails was created by Dennis
During the update from 3.2 to 4.2, the database upgrade failed with the following error:
CDbCommand faalde tijdens het uitvoeren van volgend SQL statement: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '75-nl' for key 'lime_idx1_label_l10ns'
Bestand update_helper.php, regel 31.
The database is checked and clean. As 3.2 has a xss-vulnerability we would like to update. What to do?
CDbCommand faalde tijdens het uitvoeren van volgend SQL statement: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '75-nl' for key 'lime_idx1_label_l10ns'
Bestand update_helper.php, regel 31.
The database is checked and clean. As 3.2 has a xss-vulnerability we would like to update. What to do?
Last edit: 3 years 9 months ago by Dennis.
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11758
- Thank you received: 2753
3 years 9 months ago #200765
by holch
Any source?
Currently I would NOT recommend 4.x for production environments.
Why not first upgrade from 3.2 to the latest version of this branch (3.22.19)?
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic Update limesurvey 3.2 > limesurvey4.2.7 fails
As 3.2 has a xss-vulnerability
Any source?
Currently I would NOT recommend 4.x for production environments.
Why not first upgrade from 3.2 to the latest version of this branch (3.22.19)?
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
The topic has been locked.
- Dennis
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
3 years 9 months ago #200770
by Dennis
Replied by Dennis on topic Update limesurvey 3.2 > limesurvey4.2.7 fails
We got a warning from a pen-tester who demonstrated the XSS problem.
Ok, I'll try to install 3.22.19. Is it correct I have to pay to download that version?
Ok, I'll try to install 3.22.19. Is it correct I have to pay to download that version?
Attachments:
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11758
- Thank you received: 2753
3 years 9 months ago - 3 years 9 months ago #200771
by holch
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic Update limesurvey 3.2 > limesurvey4.2.7 fails
As far as I know there has been a reported XSS vulnerability with the versions of 3.17 and before, but this version was from September 2019, so more than half a year old. After this, there has been a fix for this vulnerability, afaik.
And no, you do not have to pay to download that version. It is freely available in the download section here:
www.limesurvey.org/about-limesurvey/download
More specifically here:
www.limesurvey.org/lts-releases-download
With Limesurvey you generally only pay for two things:
- Limesurvey Pro (SaaS), the hosted version of Limesurvey. Here you are paying for the hosting.
- In Limesurvey CE you can decide to pay for the Comfort Update. It makes updating a lot easier, smoother and more comfortable, as the name says, but it is no requirement by any means. You can still upgrade the traditional manual way or write your own script to update.
As I said, I currently would not go for 4.x for a production installation. Too many annoying bugs still open and found every day. It makes sense to have an installation of 4.x in parallel for testing and bug reporting, but I personally would not run real surveys on it just yet.
And no, you do not have to pay to download that version. It is freely available in the download section here:
www.limesurvey.org/about-limesurvey/download
More specifically here:
www.limesurvey.org/lts-releases-download
With Limesurvey you generally only pay for two things:
- Limesurvey Pro (SaaS), the hosted version of Limesurvey. Here you are paying for the hosting.
- In Limesurvey CE you can decide to pay for the Comfort Update. It makes updating a lot easier, smoother and more comfortable, as the name says, but it is no requirement by any means. You can still upgrade the traditional manual way or write your own script to update.
As I said, I currently would not go for 4.x for a production installation. Too many annoying bugs still open and found every day. It makes sense to have an installation of 4.x in parallel for testing and bug reporting, but I personally would not run real surveys on it just yet.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Last edit: 3 years 9 months ago by holch.
The topic has been locked.
- Dennis
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
3 years 9 months ago #200774
by Dennis
Replied by Dennis on topic Update limesurvey 3.2 > limesurvey4.2.7 fails
Thank you!
The topic has been locked.