Kombinierte Ansicht Flache Ansicht Baumansicht
Threads [ Zurück | Nächste ]
James Falkner
Initial Security Advisories for Liferay Portal 6.1 GA1
9. Juli 2012 14:37

James Falkner

Community Moderator

Rang: Liferay Legend

Nachrichten: 1406

Eintrittsdatum: 17. September 2010

Neue Beiträge

The following advisories have now been documented on the Known Vulnerabilities page:
  1. CST-SA: LPS-28423 Delete any file on the server
  2. CST-SA: LPS-26930 Reconfigure Liferay to use a remote cache
  3. CST-SA: LPS-28358 SecureFilter can be bypassed
  4. CST-SA: LPS-28309 Directory Traversal
  5. CST-SA: LPS-26940 Users without the ASSIGN_MEMBER permission can still assign users to an organization
  6. CST-SA: LPS-26935 All JSON web services are accessible without authentication.
  7. CST-SA: LPS-27726 Remote code execution in Calendar portlet
This represents the currently known Severity-1 vulnerabilities for Liferay Portal 6.1 GA1. They are all fixed in the upcoming GA2 release.

Going forward, new individual vulnerabilities will be posted to this forum category, including Severity-1 and Severity-2 issues. Binary and source patches will be made available for all Severity-1 issues.
Patrick Wolf
RE: Initial Security Advisories for Liferay Portal 6.1 GA1
9. Juli 2012 14:51

Patrick Wolf

Rang: Regular Member

Nachrichten: 126

Eintrittsdatum: 15. September 2010

Neue Beiträge

That's cool. Not the security vulnerabilities but the message board post created for these issues. Thank you for that James.