Users noticed that upon logging into the LimeSurvey admin panel, the application initiated an external request. In environments with strict firewall rules or high-security requirements, this "phone home" behavior can be a red flag, as it potentially leaks server information or exposes the instance to external tracking. Why does this matter?
: Providing administrators with better options to disable external checks in air-gapped or high-security environments. Best Practices for LimeSurvey Admins 124749
: Use the config.php file to restrict update checks if your server should not have internet access. Users noticed that upon logging into the LimeSurvey
Below is a draft blog post designed for a tech-focused audience or LimeSurvey users. Security Spotlight: Resolving LimeSurvey Ticket #124749 : Providing administrators with better options to disable
The development team tracked this behavior to specific checks within the admin interface—often related to update notifications or plugin verification. Following the discussion in Ticket #124749, improvements were made to:
: Clarifying which services require external access.
For researchers and organizations handling sensitive data, total control over network traffic is non-negotiable. Whether it's for compliance (like GDPR) or general security hardening, knowing exactly why your software is making external calls is vital. The Resolution