LimeSurvey 6.2.0
31 July 2023
LimeSurvey version 6.2.0 is now available (major release).
Upgrading to LimeSurvey 6.2.0
LimeSurvey 6.2.0 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply LimeSurvey updates as new versions are released, or use Installatron's Clone feature to duplicate an existing LimeSurvey install to test the 6.2.0 upgrade prior to applying it live.
What's New in LimeSurvey 6.2.0
6.2.0
Security
- #18967: [security] User can import User Roles having permission (#3295) (Denis Chenu)
- #18967: [security] User can add malicious content in User Roles (#3292) (Denis Chenu)
- #18974: [security] Stored XSS via user's Full Name (#3300) (Denis Chenu)
New Features
- Update the style of the admin file manager (#3093) (jack-han-115)
- Combine question list, group list, and reorder into one page (#3070) (jack-han-115)
- #18742: Allow "User Admins" to see Users' Roles (#3048) (Valerio Bozzolan)
Bug Fixes and Changes
- show no survey menu when no survey options are available (twilligls)
- removed potential PHP notices for printanswers view (twilligls)
- image-select checkbox design was broken (twilligls)
- group description spacing wrong in mobile view (twilligls)
- changed 766px breakpoint to valid 767px (twilligls)
- captcha cols and button icon alignment (twilligls)
- Typo in vanilla save form (twilligls)
- #CR-999: 5pointquestion on mobile devices (twilligls)
- #CR-1283: Ensure surveyActivated is passed to views/admin/survey/organizeGroupsAndQuestions_view (#3305) (tiborpacalat)
- #CR-1211: Language switcher renders differently in firefox… (#3254) (Tim Willig)
- #CR-1156: error and save pages were loading twig files of wrong su… (#3164) (Tim Willig)
- #CR-1287: fixed invalid options string throwing errors when exporting a survey (Patrick Teichmann)
- #CR-1266: Remove exclamation icon from instructions for em_tip text (Patrick Teichmann)
- #CR-1210: fixed sizing and spacing of navbar, top-container, body (Patrick Teichmann)
- #CR-1181: Bootstrap is loaded twice in ls6_surveytheme (Patrick Teichmann)
- #CR-1049: footer positioned incorrectly and not at the end of visible page (#3039) (jack-han-115)
- #18963: On PHP 8.2 new DateTime() can not be invoked with null (#3291) (Johannes Weberhofer)
- #18936: User count in group is not OK after deleting a user (#3286) (Gabriel Jenik)
- #18876: Plugin exposes full path when an error is reported in the plugin list (#3283) (Gabriel Jenik)
- #18798: Out-of-memory problem in statistics export (#3231) (#3267) (Gabriel Jenik)
- #18725: Reorder questions/question groups can break survey (tests) (#3178) (Gabriel Jenik)
- #18694: Invalid HTML for list radio questions due to missing closing ul element (#3226) (Gabriel Jenik)
- #18573: Inserting a new box with an overlapping position makes the dashboard show duplicate boxes (#3289) (Gabriel Jenik)
- #18495: configuration tab is not visible to a user with only create label set permission (#3185) (Denis Chenu)
- #18278: Quick translation - "Nothing to translate" appears wrongly (#3296) (Gabriel Jenik)
6.1.8
Security
- #18927: [security] Export user roles without authorization (#3272) (Gabriel Jenik)
Bug Fixes
- #18942: Roles - Permissions Modal is too narrow (#3276) (Gabriel Jenik)
- #18937: Action menu stops working after any action on any user (#3282) (Gabriel Jenik)
- #18929: Cannot edit data notification entries (#3265) (Gabriel Jenik)
- #18837: Unable to replace record during reimport of VV files (#3275) (Denis Chenu)
- #18368: export_statistics from API yields error (#3244) (Gabriel Jenik)
- #18281: Users in group are not deleted (#2565) (Gabriel Jenik)
6.1.7
Security
- #18934: [security] Stored XSS in label set administration (#3271) (Gabriel Jenik)
- #18928: [security] Stored XSS on Survey "Notification and data function" (#3270) (Gabriel Jenik)
- #18923: [security] Admin notification permissions updated (Patrick Teichmann)
- #18884: [security] Fixed more positions with survey group title not escaped (Patrick Teichmann)
- #18882: [security] Stored XSS in End page (#3240) (Gabriel Jenik)
Bug Fixes and Changes
- Auto-translate was broken (Olle Haerstedt)
- #18932: 404 error after importing responses from an old response table (#3273) (Gabriel Jenik)
- #18818: Dump when using getQuestions API (#3234) (Gabriel Jenik)
- #18356: User with only user update allowed can set/remove any role to any user (#3259) (Gabriel Jenik)
- #17536: Create automatic test for XSS Purifier (#3238) (Gabriel Jenik)
6.1.6
Security
- #18915: [security] Non-superadmin Admin user is able to edit groups not owned (#3248) (Tim Willig)
- #18918: [security] Ownership permissions update (#3251) (Patrick Teichmann)
- #18917: [security] Stored XSS in the user group deletion confirmation popup (#3249) (Patrick Teichmann)
- #18913: [security] Incorrect permissions for useraction (#3253) (Patrick Teichmann)
- #18356: [security] User with only user update allowed can set/remove any role to any user (#2625) (Gabriel Jenik)
Bug Fixes and Changes
- CR-1206: Token field in responses table not actionable (#3230) (Tim Willig)
- CR-1205: Request-URI Too Large on Responses page (#3235) (Tim Willig)
- #18630: Survey list showing wrong icon for surveys. (#3232) (Gabriel Jenik)
- CR-1234: Show more is inconsistent in Survey settings overview - Text elements card (tiborpacalat)
- CR-1232: Survey settings overview - Vertical spacing between items is not equal (#3236) (tiborpacalat)
6.1.5
Security
- [security] #18868: No CSRF control for action of label set (Denis Chenu)
- [security] #18866: Label sets can be created by any admin user (#3212) (Denis Chenu)
- #18912: [security] Able to change username that is by default unchangeable (Patrick Teichmann)
- #18883: [security] Stored XSS vulnerability in user profile (#3247) (Patrick Teichmann)
- #18881: [security] CKeditor 4.20.2 in use which is vulnerable to CVE-2023-28439 (#3237) (Gabriel Jenik)
Bug Fixes and Changes
- SQL error on import if quota member code is too long (Carsten Schmitz)
- Disable system information in demo mode (Carsten Schmitz)
- 18821: Public url is not used for SURVEYURL (#3229) (Tim Willig)
- #18896: Error on Postgres when creating a survey and expressionQuestionHelp plugins is activated (Carsten Schmitz)
- #18891: Capital letters N/Y in name of inherited survey themes are replaced by "Off" (Carsten Schmitz)
- #18885: CSRF Leading to reset Boxes (#3239) (Gabriel Jenik)
- #18706: Cannot use expression in End url description (#3204) (Gabriel Jenik)
- #18465: ComfortUpdate shows error message to contact the LimeSurvey team, while just retrying usually works (Carsten Schmitz)