Kombinierte Ansicht Flache Ansicht Baumansicht
Threads [ Zurück | Nächste ]
toggle
Tom Cloyd
Liferay status relative to current Java 7u10-11 vulnerability?
14. Januar 2013 16:56
Antwort

Tom Cloyd

Rang: New Member

Nachrichten: 1

Eintrittsdatum: 8. Januar 2013

Neue Beiträge

It's not looking good for Java, if this is to be believed. I'm NOT a java programmer, and only just starting with Liferay, so I'm concerned. I don't see any discussion of this issue in the forums. Does anyone have any idea what the answer to my question might be, both immediately and going forward?
David H Nebinger
RE: Liferay status relative to current Java 7u10-11 vulnerability?
15. Januar 2013 05:24
Antwort

David H Nebinger

Community Moderator

Rang: Liferay Legend

Nachrichten: 11046

Eintrittsdatum: 1. September 2006

Neue Beiträge

Liferay is not compatible w/ java 7, so the fix is not relevant.

That said, the vulnerability involves both java 5 and java 6, and there is yet to be a patch for either.

However, if you read the actual information, the attack vector is only on the client side in the browser using the java plugin. Server side java is not part of the attack vector, so this makes the vulnerability also irrelevant.