James Falkner
Initial Security Advisories for Liferay Portal 6.1 GA1
July 9, 2012 14:37
Community Moderator


The following advisories have now been documented on the Known Vulnerabilities page:
  1. CST-SA: LPS-28423 Delete any file on the server
  2. CST-SA: LPS-26930 Reconfigure Liferay to use a remote cache
  3. CST-SA: LPS-28358 SecureFilter can be bypassed
  4. CST-SA: LPS-28309 Directory Traversal
  5. CST-SA: LPS-26940 Users without the ASSIGN_MEMBER permission can still assign users to an organization
  6. CST-SA: LPS-26935 All JSON web services are accessible without authentication.
  7. CST-SA: LPS-27726 Remote code execution in Calendar portlet
This represents the currently known Severity-1 vulnerabilities for Liferay Portal 6.1 GA1. They are all fixed in the upcoming GA2 release.

Going forward, new individual vulnerabilities will be posted to this forum category, including Severity-1 and Severity-2 issues. Binary and source patches will be made available for all Severity-1 issues.
Patrick Wolf
RE: Initial Security Advisories for Liferay Portal 6.1 GA1
July 9, 2012 14:51

That's cool. Not the security vulnerabilities but the message board post created for these issues. Thank you for that, James.
